anyweb

contact me offline (pm) please

did you start Internet Explorer as 'run as administrator'

very good point Peter and thanks for pointing it out , however i can't see how it'll run offline as the group is set to not run if in Winpe, plus the off-line options are not selected by default so it'll still need modification, but nice to see the variable is being set and with another variable ! %_SMSTSUserStatePath% like I said, i'll blog it sooner or later , in the meantime i've modified the above

its possible in CM12 of course, first you need to change the task sequence to restart in WinPE if it isnt already, then you set a task sequence variable for the OSDStateStorePath variable to something like Set the OSDStateStorePath variable = %_SMSTSUserStatePath% and then you have a capture User state task and select both the Hard Links option and Capture in off-line mode, and finally disable your diskpart step, if i get the time and energy i'll blog it soon and maybe even a webcast Note: The screenshots below are from Configuration Manager 2012 RTM Booting the Virtual Machine to see Offline mode in WinPE in CM12 booting Windows 7 box into Windows PE using PXE boot... select the Offline Task sequence.. Here are the settings in the Task sequence RestartinWinPE if not in WinPE Set the OSDStateStorePath variable = %_SMSTSUserStatePath% Set your off-line capture options for USMT 4 start the task sequence, it will copy the USMT files automatically to C:\_SMSTaskSequence\Packages\USMTPackageID\... and then it executes scanstate.exe from the correct architecture directory, and once done capturing it will apply the operating system image

sure if you want to host the SUP role on that server

In http://www.windows-noob.com/forums/index.php?/topic/5452-using-system-center-2012-configuration-manager-part-1-installation-cas/'>Part 1 of this series we created our new LAB, we got the System Center 2012 Configuration Manager ISO and extracted it, then copied it to our Active Directory server. We then created the System Management container in AD, delegated permissions to the container, extended the Schema for Configuration Manager. We then opened TCP ports 1433 and 4022 for SQL replication between sites, installed some prerequisites like .NET Framework 4.0, added some features and then downloaded and installed SQL Server 2008 R2 SP1 CU6. We then configured SQL Server using SQL Server Management Studio for security and memory configurations prior to running the Configuration Manager 2012 setup to assess server readiness. Finally we installed a central administration site (CAS). In http://www.windows-noob.com/forums/index.php?/topic/5506-using-system-center-2012-configuration-manager-part-2-install-the-primary-server-p01/'>Part 2 we setup our Primary server with SQL Server 2008 R2 SP1 CU6. We then installed Configuration Manager 2012 on our primary server (P01) and verified that it was replicating to our central administration site (CAS) server. Then we configured Discovery methods for our Hierarchy and then configure Boundaries and Boundary Groups. In http://www.windows-noob.com/forums/index.php?/topic/5605-using-system-center-2012-configuration-manager-part-3-configuring-discovery-and-boundaries/'>Part 3 we configured Discovery methods and configured boundaries and created a boundary group, we then configured them for Automatic Site Assignment and Content Location. In http://www.windows-noob.com/forums/index.php?/topic/5678-using-system-center-2012-configuration-manager-part-4-adding-roles-and-configuring-custom-client-device-settings-and-custom-client-user-settings/'>Part 4 we added the Application Catalog roles to our Hierarchy. We then configured Custom Client Device Settings and then deployed those settings to the All Systems collection on site P01. After that we created Custom Client User Settings and deployed them to the All Users collection in order to allow users to define their own User and Device affinity settings. In http://www.windows-noob.com/forums/index.php?/topic/5683-using-system-center-2012-configuration-manager-part-5-adding-wsus-adding-the-sup-role-deploying-the-configuration-manager-client-agent/'>Part 5 we installed the WSUS server role (it is required for the Software Update Point role). We then installed the Software Update Point role on our CAS and Primary servers and we configured the SUP to support ConfigMgr Client Agent deployment which is a recommended Best Practice method of deploying the Configuration Manager Client Agent. Now we will prepare our server for the Endpoint Protection Point role, and install that role before configuring custom client device settings and custom antimalware policies. We will then deploy those custom client device settings and custom antimalware policies to our newly created Endpoint Protection collections. Tip: This is a long post and it will take you some time to complete, please give yourself a few hours to go through it all. Below is an Introduction to Endpoint Protection in Configuration Manager, for more info see the following on Technet - http://technet.microsoft.com/en-us/library/hh508781.aspx'>http://technet.micro...y/hh508781.aspx When you use Endpoint Protection with Configuration Manager, you benefit from the following: You can configure antimalware policies and Windows Firewall settings to selected groups of computers, by using custom antimalware policies and client settings. You can use Configuration Manager software updates to download the latest antimalware definition files to keep client computers up-to-date. You can send email notifications, use in-console monitoring, and view reports to keep administrative users informed when malware is detected on client computers. Endpoint Protection installs its own client, which is in addition to the Configuration Manager client. The Endpoint Protection client has the following capabilities: Malware and Spyware detection and remediation. Rootkit detection and remediation. Critical vulnerability assessment and automatic definition and engine updates. Integrated Windows Firewall management. Network vulnerability detection via Network Inspection System. Tip: Chapter 16 of the recently released book entitled http://www.amazon.com/System-Configuration-Manager-Unleashed-ebook/dp/B008LW61JI/'>System Center 2012 Configuration Manager Unleashed by SAMS publishing covers Endpoint Protection in much greater detail than this post, I'd highly recommend you read it, and of course I have to mention that as I wrote it ! :-) Step 1. Prepare our Hierarchy by creating Endpoint Protection Folders. Note: Perform the following on the CAS server as SMSadmin In order to make management of our Endpoint Protection devices easier we will create some new Folders. This will facilitate targeting unique custom Antimalware policies and custom client settings to target different types of computers, for example you may want to target different File and Process exclusions to your SQL servers as compared to your Hyper-V host servers. As Folders and Collections are http://technet.microsoft.com/en-us/library/gg712990.aspx'>Global data everything we create on the CAS will be replicated to our child Primary. On the CAS server select the Assets and Compliance workspace and right click on Device Collections, choose Create Folder. Give the folder a suitable name such as Endpoint Protection. Once created we can see our new Endpoint Protection folder by clicking on the small triangle to the left of Device Collections, this triangle informs us that there are more things to see under Device Collections. Click on the triangle and it reveals our new Endpoint Protection folder. Now we will create some additional Folders underneath our top most Endpoint Protection folder, this will allow us to separate Servers from Desktops and Laptops. Select the Endpoint Protection folder, right click and choose Folder, Create Folder. The first folder will be called Endpoint Protection Managed Clients repeat the above process and create another folder called Endpoint Protection Managed Servers. Once done, you can now click on the small triangle beside our Endpoint Protection folder, and review our new folders. Next we will populate these folders with some new collections. Step 2. Create Endpoint Protection Device Collections to categorize computers. Note: Perform the following on the CAS server as SMSadmin Expand our Endpoint Protection Managed Clients folder and right click, select Create Device Collection. Create two new collections with no membership rules and limited to the All Systems collection: Endpoint Protection Managed Desktops Endpoint Protection Managed Laptops so we end up with the following under our Endpoint Protection Managed Clients folder. Using the above method, create the following collections under our Endpoint Protection Managed Servers folder. The exact number of server collections is up to you, create what you need for your organization, the list below is a suggestion of typical server roles and makes it easy for you to target custom antimalware policies and custom client device settings to those unique server roles in your organization. Add the collections you need in your organization (Note that some Windows server roles which you use may not be listed below, if that is the case then simply create your own). Endpoint Protection Managed Servers - Configuration Manager Endpoint Protection Managed Servers - DHCP Endpoint Protection Managed Servers - IIS Endpoint Protection Managed Servers - Domain Controller Endpoint Protection Managed Servers - Exchange Endpoint Protection Managed Servers - File Server Endpoint Protection Managed Servers - Hyper-V Endpoint Protection Managed Servers - IIS Endpoint Protection Managed Servers - Operations Manager Endpoint Protection Managed Servers - SharePoint Endpoint Protection Managed Servers - SQL Server 2008 Once you have created your new collections, the Endpoint Protection Managed Servers collections should look like this: Tip: if you don't want to manually enter all this information you could create a Powershell script to achieve the same thing, here's a http://www.sepago.de/d/david/2012/02/25/microsoft-configuration-manager-2012-and-powershell-ae-part-2'>sample script to do help you (Powershell knowledge required). At the moment our new collections are all empty and that's ok, you can populate them however you want, either using direct membership or queries. Do make sure that the correct type of device is in the collection in question so that when we target our custom device settings and custom antimalware policies to those collections that the correct devices are receiving the correct antimalware settings/policies. Step 3. Enable the Endpoint Protection role Note: Perform the following on the CAS server as SMSadmin The Endpoint Protection point site system role must be installed before you can use Endpoint Protection or before you can create custom Endpoint Protection client settings. It must be installed on one site system server only and it must be installed at the top of the hierarchy on a central administration site or a standalone primary site. As we have a hierarchy consisting of a CAS and child Primary, we will install the role on our CAS server. If you are following this guide and using only a standalone primary server then you must install the Endpoint Protection role on that server. In the Administration workspace, expand Overview and expand Site Configuration, select Servers and Site System Roles. Right click on our CAS server and select Add Site System Roles. make any changes necessary on the Add Site System roles Wizard screen and click next, Select the Endpoint Protection point role and take note of the popup screen, we have already configured our SUP to Synchronise Definition Updates in http://www.windows-noob.com/forums/index.php?/topic/5683-using-system-center-2012-configuration-manager-part-5-adding-wsus-adding-the-sup-role-deploying-the-configuration-manager-client-agent/'>Part 5 of this series however if you have not completed that part yet please review it now, or alternatively you'll have to remove Configuration Manager as an update source in your Custom Antimalware Policies. Accept the Endpoint Protection License based on your License aggreement with Microsoft and select your MAPS membership type which applies to your entire heirarchy as the default setting (this can be changed for all custom antimalware policies later). Select Advanced Membership. Note: By joining MAPS, you will be able to avail of the dynamic signature service' http://technet.microsoft.com/en-us/library/hh508770.aspx click your way through the rest of the wizard. Within a few minutes you'll see the Endpoint Protection client (SCEP Client) appear in the system tray of your CAS Server. Note: The installation of the SCEP client on the CAS server is normal behaviour and is expected. You must have the SCEP client installed on your ConfigMgr Server hosting the Endpoint Protection role. This SCEP client is used to convert Animalware IDs in the Configuration Manager database and can co-locate with another Antivirus solution on this server if necessary. This SCEP client is currrently unmanaged and does not scan for malware and does not use real time protection unless you target this server with custom antimalware policies and custom client settings which enable this functionality. Tip: you can review the EPSetup.log located at D:\Program Files\Microsoft Configuration Manager\Logs on the server to monitor role installation progress. Look for the line which states Installation was successful to reflect a succesful installation of the Endpoint Protection Point role. Step 4. Configure Alerts for Endpoint Protection. Note: Perform the following on the CAS server as SMSadmin You can configure Endpoint Protection alerts in System Center 2012 Configuration Manager to notify administrative users when specific security events occur in your hierarchy. Notifications display in the Endpoint Protection dashboard in the Configuration Manager console, in reports, and you can configure them to be emailed to specified recipients. - Technet: http://technet.microsoft.com/en-us/library/hh508782.aspx'>http://technet.micro...y/hh508782.aspx. Configure Email Notification (Optional) If there is a malware breakout in your organization, you'd want to be notified as soon as possible, provided that there are no issues with your email servers or firewalls you can get email notification in minutes of an outbreak provided that you have first configured email notification. You will need access to an SMTP server to configure Email Notification Alerts. In the configmgr console, click on Administration, expand Overview and expand Site Configuration, select Sites and click on Settings in the ribbon and click on Configure Site Components and select Email Notification. Enter your desired settings for SMTP and click Apply. You can test your SMTP settings also by clicking on Test SMTP server. This will give you feedback as to whether the email was sent or not or whether there were problems contacting the SMTP server. As long as the test above didn't show any warning or error, now is a good time to check the inbox of the email address you specified in the test email recipient field, you should see a new (blank) email with the following Subject: Configure Alerts for device Collections Note:- You cannot configure alerts for User Collections. Next we will configure alerts for our Endpoint Protection device collections. In this example we will use our Endpoint Protection Managed Servers - Configuration Manager collection however you should repeat this process for each collection that you want to monitor for alerts in the Configuration Manager console, via the http://www.niallbrady.com/2012/06/27/how-can-i-view-hidden-endpoint-protection-reports-in-system-center-2012-configuration-manager/'>Endpoint Protection Reports and of course the Endpoint Protection Dashboard. In Assets and Compliance, browse to the Endpoint Protection Managed Servers folder, and select the Endpoint Protection Managed Servers - Configuration Manager collection. Right click and choose properties. Click on the Alerts tab and place a checkmark in View this collection in the Endpoint Protection Dashboard and place a checkmark in those headings that interest you for client status and Endpoint Protection. you can further configure the alert severity or other options (depending on the type of alert selected) in the Alerts screen once you've applied the above settings. In the example below the Repeated malware detection alert settings are listed. Once you've configured all the Endpoint Protection collections for Alerting, you can review Endpoint Protection dashboard (System Center 2012 Endpoint Protection Status) in the Monitoring workspace and select one of our 13 collections from the drop down menu. The information provided will change as data flows in once we deploy custom client device settings and custom antimalware policies to our Endpoint Protection collections. Step 5. Add Forefront Endpoint Protection 2010 as a product and sync the SUP Note: Perform the following on the CAS server as SMSadmin If you want your clients to get their definition updates from Configuration Manager, then you'll need to configure your Software Update Point accordingly. Our SUP is already setup and configured as in http://www.windows-noob.com/forums/index.php?/topic/5683-using-system-center-2012-configuration-manager-part-5-adding-wsus-adding-the-sup-role-deploying-the-configuration-manager-client-agent/'>Part 5, which means it will check for definition updates and synchronize with Microsoft on a schedule of once per day, however we need to add the Forefront Endpoint Protection 2010 product to our list of products to sync against otherwise we won't see any Definition Updates appearing in our Software Update Point. In the Administration workspace, select Site Configuration, Sites, select our CAS server, and in the ribbon click on Settings, Configure Site Components, and select Software Update Point from the list. Select the Products tab, scroll down to Forefront and select Forefront Endpoint Protection 2010, click Apply. Next we will force a sync to Microsoft, select the Software Library workspace, select Software Updates, right click on All Software Updates and choose Synchronize Software Updates. Answer Yes to the popup. Tip: Review the wsyncmgr.log on the CAS server in D:\Program Files\Microsoft Configuration Manager\Logs to confirm that the sync has successfully completed. Look for a line that states Sync Succeeded. If it fails to sync make sure that the Update Services service on CAS has started. Step 6. Configure SUP to deliver Definition Updates using an Automatic Deployment Rule Note: Perform the following on the CAS server as SMSadmin Before starting this step create a folder on D:\sources\WindowsUpdates\EndpointProtection on the CAS server to store our Endpoint Protection definition Updates. Our sources folder is shared as sources. In the Configuration Manager console, click Software Library, expand Software Updates and click right click on Automatic Deployment Rules and choose Create Automatic Deployment Rule, Fill in the details as below, for name use ADR: Endpoint Protection, the naming is important, think weeks, months, years ahead when you are searching for that Automatic Deployment Rule you or someone else created, prepending ADR: Endpoint Protection will easily separate these ADR's from other ADR's created by you or other admins for patch Tuesday software updates for example. For target collection choose the collection you want to target with these definition updates, in our example we will select the Endpoint Protection Managed Desktops collection. On the Deployment Settings page of the wizard select Minimal from the Detail level drop-down list and then click Next, this reduces the content of State Messages returned and thus reduces Configuration Manager server load. on the Software Updates page select Date Released or Revised, choose Last 1 day, and select Products, then select Forefront Protection 2010 from the list of available products. for Evaluation Schedule, click on Customize and set it to run every 1 days, Tip: notice that the Synchronization Schedule is listed below, make sure that the SUP synchronizes at least 2 hours before you evaluate for Forefront Endpoint Protection definition updates, there is no point checking for updates if we haven't synchronized yet. for Deployment Schedule set Time based on: UTC if you want all clients in the hierarchy to install the latest definitions at the same time, this setting is a recommended best practice. For software available select 2 hours to allow sufficient time for the Deployment to reach all Distribution Points and select As soon as possible for the installation Deadline. Note: Software update deadlines are randomized over a 2-hour period to prevent all clients from requesting an update at the same time. for the User Visual Experience select Hide from the drop down menu as we don't want our users informed of new Definition Updates daily and supress restarts on Servers. for Alerts enable the option to generate an alert, set the compliance percentage to be equal to the SLA you expect for that site, in this example we'll select 85%. for Download Settings we want to be sure that our clients get these malware definitions regardless of whether they are on a slow site boundaries or not, so we will set both options accordingly. For Deployment Package we need to create a new Deployment Package, give it a suitable name like Endpoint Protection Definition Updates and point it to a previously created shared folder (\\cas\sources\WindowsUpdates\EndpointProtection). Note: Make sure that \\cas\sources\WindowsUpdates\EndpointProtection exists otherwise the wizard will fail below when it tries to download as the network path won't exist. After running the ADR once, retire it by right clicking on the rule and select Disable (or delete) and create a new ADR except this time point the deployment package to the package which is now created called Endpoint Protection Definition Updates. For Distribution Points click on the drop down Add button and select distribution point, select our distribution point on our primary server (P01) and click ok. click your way through the rest of the Wizard until you reach the summary screen but before finishing the wizard click on save as template in order to speed up entering values in the remaining ADR's you'll be creating. once done, complete the wizard and the template is ready for use the next time you create a new ADR. Note: You must repeat the above process for each collection you want to target with Endpoint Protection definition updates delivered from Configuration Manager using an Automatic Deployment Rule. Below is a screenshot showing the 13 additional ADR's I've created, note how the first ADR is disabled (that was used for creating the deployment package). Step 7. Configure custom antimalware policies Note: Perform the following on the CAS server as SMSadmin. Antimalware Policies for Endpoint Protection define how and where the computers get their definition updates, how and when to scan for malware, what to do when it's detected and a multitude of additional options. You can create many custom antimalware policies and target them (Deployment) to your Endpoint Protection collections. Microsoft provides several built-in policies out of the box that you can simply import and then deploy to your chosen collection. Tip: Do not configure the default client AntiMalware Policy unless you are sure that you want these applied to all computers in your hierarchy. Custom antimalware policies always take precedence over Default antimalware policies as they have a higher priority. On your CAS (you could do this action also on your Primary server P01 as AntiMalware Policies are Global Data and replicate accordingly), click Assets and Compliance, click Endpoint Protection, select Antimalware Policies. In the ribbon select Create Antimalware Policy give the policy a suitable name like Custom Antimalware Policy - Endpoint Protection Managed Servers - Configuration Manager Tip: If you want to set the definition updates source to be a UNC file share then read this post. I won't go into details about the specific settings you should enter, every customer is different. If you want details of what is recommended for a server or desktop then either import the built-in policies and use them, change them, merge them, examine them, or read Chapter 16 of the System Center 2012 Configuration Manager Unleashed book, or review this page on http://technet.microsoft.com/en-us/library/hh508785.aspx'>Technet. Tip: Do you want your mobile clients to be patched regardless of whether they can contact your Configuration Manager server or not ? if so, select both Windows Update as well as Configuration Manager as sources. In addition you can increase the frequency of checking for updates to a few times a day even though Configuration Manager (in RTM) can only sync once a day, if you have a source pointing to Windows Update and a working internet connection then your clients can get patched against malware three times per day. The screenshot below is for your mobile clients (not necessarily for your Configuration Manager servers themselves). Once your custom Endpoint Protection antimalware policy is created, right click on it, and choose Deploy Target the policy to the appropriate collection - job done, now repeat the above process for each Endpoint Protection collection you created. In the screenshot below a custom antimalware policy is being deployed to the Endpoint Protection Managed Servers - Configuration Manager collection where i've placed both our CAS and P01 servers. TIP: you can merge two or more policies together to blend the settings, for example import an SQL Server 2008 policy and a Configuration Manager 2012 policy and you'll get a suitable custom antimalware policy for your Configuration Manager 2012 servers which have SQL on box. Step 8. Configure custom device settings Note: Perform the following on the CAS server as SMSadmin. The above actions are all well and good but will do nothing until the clients receive policy to tell them that they are managed by Endpoint Protection. That is done via client settings in particular the Endpoint Protection section. Custom Client Device settings always take priority over the Default Client Settings. So lets create a brand new custom client device settings. Note: Do not configure the default client settings (for Endpoint Protection) unless you are sure that you want them applied to all computers in your hierarchy. On your CAS Server (or the Primary server P01 as this is Global data), in the Administration workspace, right click on Client Settings and choose Create custom client device settings. give it a suitable name like Custom Client Device Settings - Endpoint Protection Managed Servers - Configuration Manager and select Endpoint Protection from the list of options in the left pane. set Manage Endpoint Protection Client on client computers to True if you want to manage your computers.. Note: Since Configuration Manager 2012 SP1 was released the Client settings have some new options, be aware that the first of these options may mean that your SCEP client does not install based on how you have configured those options, so please review these additional options if using Configuration Manager 2012 Sp1 (see below). click ok when done, right click on the new custom settings and choose Deploy select our Endpoint Protection Managed Servers - Configuration Manager collection and continue through the wizard until completion. Step 9. Verify it's working on a client Note: Perform the following on a computer that is in a collection targetted with the custom client settings and custom antimalware policy Logon to a computer in the Endpoint Protection Managed Servers - Configuration Manager collection and startup the System Center Endpoint Protection gui, click on help to see details about what policy is applied (RTM) or check the registry to find out which policies are merged (SP1). Note: If you are using System Center 2012 Configuration Manager Service Pack 1 then the SCEP client UI displays the Antimalware Policy differently, see this post for details. Troubleshooting: After the SCEP client is installed it will at first appear to be in an unmanaged state (until all policies are received and processed). As a result it will probably look as follows just after it has been installed. To speed things up you can open up the Configuration Manager client on that computer and click on the Actions tab, trigger a Machine Policy Retrieval and Evaluation Cycle (or wait until the alloted time for policy to refresh on the clients occurs). Once the clients have received and processed all policy, they will attempt to update the Antivirus Definitions from the sources listed in our custom antimalware policies, and once applied the SCEP client will look it's familiar Green. In the example screenshot below the SCEP client has updated itself to the latest available definition updates on my Configuration Manager server, and they were last synced (to the internet) 2 days ago. As this is a lab I have the ability to enable/disable internet for those computers and the last internet access available on my SUP was two days ago. What this shows you is it's working perfectly, it has received it's custom Antimalware policy, it has updated itself using the SUP as the source and taken the latest available definition updates that were on the SUP. The following Log files will also aid in troubleshooting definition updates retrieval. Browse to C:\Windows\Temp and look for the following log files...:- MpCmdRun.Log MpSigStub.Log To get extensive logfiles open an administrative command prompt and CD to the following directory on the client, C:\Program Files\Microsoft Security Client\Antimalware and execute the following command MpCmdRun.exe -getfiles the following will be output the log files are store in C:\ProgramData\Microsoft\Microsoft Antimalware\Support and that directory in turn will contain a CAB file (MPSupportFiles.cab) which has several relevant log files to examine. As a final note, review the WUAHandler.log on the computer in question to see that it is indeed checking for the Endpoint Protection definition updates, as per the screenshot below. If it is not pulling Definition Updates from Configuration Manager then WUAHandler.log will reveal the reason why (probably a group policy causing a conflict). If you are having issues with the client installing or getting the Endpoint Protection role installed please refer to the following http://technet.microsoft.com/en-us/library/hh427342.aspx#BKMK_EPLog'>Endpoint Protection Log files. EndpointProtectionAgent.log - Records details about the installation of the Endpoint Protection client and the application of antimalware policy to that client.EPCtrlMgr.log - Records details about the synchronization of malware threat information from the Endpoint Protection role server into the Configuration Manager database.EPMgr.log - Monitors the status of the Endpoint Protection site system role.EPSetup.log - Provides information about the installation of the Endpoint Protection site system role. Recommended Reading: Introduction to Endpoint Protection in Configuration Manager - http://technet.microsoft.com/en-us/library/hh508781.aspx Planning for Endpoint Protection in Configuration Manager - http://technet.microsoft.com/en-us/library/hh508763.aspx Configuring Endpoint Protection in Configuration Manager - http://technet.microsoft.com/en-us/library/hh508764.aspx Prerequisites for Endpoint Protection in Configuration Manager - http://technet.microsoft.com/en-us/library/hh508780.aspx Best Practices for Endpoint Protection in Configuration Manager - http://technet.microsoft.com/en-us/library/hh508771.aspx Administrator Workflow for Endpoint Protection in Configuration Manager - http://technet.microsoft.com/en-us/library/hh526775.aspx Please continue to the next post in this series.

you can set the name in lots of ways, via the CSV file is one way indeed, what are you looking for exactly ?

yup we need the log to identify the issue

hmm does it actually pop up an error at this point or does it just sit there forever logging the same line ? do you also have a copy of any other logs ? check x:\windows\temp\smstslog\

Today marks an important milestone in the Windows 8 project. The Windows 8 team is proud to share with you that a short while ago we started releasing Windows 8 to PC OEM and manufacturing partners. This means our next milestone will be the availability of exciting new models of PCs loaded with Windows 8 and online availability of Windows 8 on October 26, 2012. Back when we first demonstrated Windows 8 in May 2011, we described it as “reimagining Windows, from the chipset to the experience,” and that is what Windows 8 (and Windows RT) represents for both Microsoft and partners. The collective work: from the silicon, to the user experience, to new apps, has been an incredibly collaborative effort. Together we are bringing to customers a new PC experience that readies Windows PCs for a new world of scenarios and experiences, while also preserving an industry-wide 25-year investment in Windows software. We continue to be sincerely humbled by the breadth of participation in our pre-release testing. The previews of Windows 8 (Developer, Consumer, Release) have been the most widely and deeply used test releases of any product we have ever done. Over 16 million PCs actively participated in these programs, including approximately 7 million on the Release Preview that started 8 weeks ago. The depth and breadth of testing validate the readiness of Windows 8 for the market. The openness of the previews presents a unique perspective on product development, and we’re deeply committed to the transparency of the preview process. No product used by so many people in so many different ways is developed “out in the open” like Windows 8 has been. This blog, the forums, and the preview releases form an important part of the development process. Major changes have been made at each milestone and as we promised, the final release (build 9200, for those tracking) contains many promised refinements. We are humbled by the responsibility of meeting the needs of such a diverse set of customers and enthused by the deep level of participation in the pre-release process. While we have reached our RTM milestone, no software project is ever really “done.” We will continue to monitor and act on your real world experiences with Windows 8—we’ve used the preview process to test out our servicing and we have every intent of doing a great job on this next important phase of the product. Hardware partners will continue to provide new devices and improve support for existing devices. PC makers no doubt have quite a bit in store for all of us as they begin to show off PCs specifically designed for Windows 8. With improvements in fundamentals, enhanced storage and connectivity, newly architected subsystems, the “fast and fluid” user experience, and the WinRT platform (to name a few), Windows 8 has literally thousands of new features. We did a record number of blogs posts (and videos) and did not even come close to covering the full breadth of Windows 8. There’s much left to learn about and discover in the product. Some of the most exciting innovations with Windows 8 are yet to come—the innovations from developers building apps on the new WinRT platform. Today, the Store is open for business and we’ll rapidly expand to over 200 markets around the world. The opportunity for developers around the world to deliver innovative (and profitable) apps is unique with Windows 8. We’re excited to see the work developers will be bringing to Windows 8. We’ll also have a chance to talk more about the Windows 8 platform at the next BUILD conference recently announced. We know there are lots of questions about how to get Windows 8 and when, and of course more questions to come about exploring and using the full set of thousands of Windows 8 features. Our Windows Team Blog today has posted a lot of new information and gathered up some important details that we hope will answer your questions. Please check our blog and stay in touch on the in-market developments of Windows 8 there. On behalf of the Windows 8 engineering team, we want to thank you very much for your contributions throughout development and your contributions yet to come to Windows 8. THANK YOU! Next stop, October 26, 2012 and General Availability! --The Windows 8 team via MSDN > http://blogs.msdn.co...ust-1-2012.aspx

Howdy! Today is the day we’ve all been waiting for. I’m proud to announce that Windows Server 2012 has been released to manufacturing. That means the final code is complete and we are delivering it to our hardware and software vendor partners this week. We will also make the software available to our volume licensing customers in the next couple of weeks. Get out your calendars and free up some time on September 4. That’s when Windows Server 2012 will be generally available for evaluation and purchase by all customers around the world. On that day we will also host an online launch event where our executives, engineers, customers and partners will share more about how Windows Server 2012 can help organizations of all sizes realize the benefits of what we call the Cloud OS. You will be able to learn more about the features and capabilities and connect with experts and peers. You’ll also be able to collect points along the way for the chance to win some amazing prizes. You don’t want to miss it. Visit this site to save the date for the launch event. On behalf of the Windows Server engineering team, I can tell you it has been a thrill and honor for us to deliver this product. Most importantly, we thank the many thousands of you who have provided your input and guidance throughout the process of designing and building it. So far the hands-on feedback on the product from you, industry analysts and press has been phenomenally positive. I attribute that to the fact that, from the outset, we committed ourselves to building Windows Server 2012 around the needs and goals of our customers and partners. It feels great to ship software that so squarely addresses customer objectives, both in the here and now and in the future. Cheers! Jeffrey via Technet > http://blogs.technet...ufacturing.aspx

in the Administration workspace, Servers and Site System Roles, select your server hosting the SUP role, click on software update point, done.

you can follow the same guide and you'll see it links to a 'standalone' server installation, that's what you require (a standalone primary, no CAS), just make sure your versions of SQL match whats listed in the Part 1. Installation guide. As regards Q2, I'm not sure i've not used it, but i would do so prior to setting this up.

did you try forcing the machine policy ? is the client functional ?

you have the same error as before, have you looked into using /lac ?

the smsts.log file will reveal why it failed to capture your image, look in c:\windows\ccm\logs\ you can post it here if you wish

first things first, when you setup the SUP on your primary how did you install it ?

are you using Configuration Manager 2012 or 2007 ? please raise NEW topics when you have problems instead of posting little or not info at the end of an unrelated thread.

first things first, create your Windows 7 master image using the step by step guide here. Secondly post your log files so that we can see what is wrong and explain what you expected to happen and what actually happened.

I have to ask, did you open loadstate.log in notepad or Trace32 ? if you did you would have seen this error (search for the word failed)

look for the loadstate.log file in this location, it's listed clearly in your smsts-.... log file (did you look at the contents of that log file?) C:\Windows\SysWOW64\CCM\Logs\SMSTSLog\loadstate.log post that loadstate.log file here and we'll help you.

why did the installation fail ? can you provide the logs from the client please

just make sure it's in a collection targetted with custom client settings that enable installation of the SCEP client.

are you sure you followed my guides step by step, if so you wouldnt have any firewall PORT issues for sql, i can remote into your box tomorrow and take a look if you want.

please raise a separate post for that question, you are mixing up two entirely different problems, it's confusing to readers. Moving this topic to Configuration Manager 2007 forums.