anyweb

hi John, first of all there is no SCCM 2016, it's just called System Center Configuration Manager (Current Branch) version 1702. Secondly, how are your Software Updates targeted to the workstations ? using a regular deployment or an ADR ? what are your system restart settings for that deployment ? as regards BitLocker, are you seeing it prompt for something after applying an update ? what are you seeing exactly ?

can you attach the smsts.log on the duplicate ts please so i can see what's happening. feel free to remove your company name(s) from the log.... by search/replace in notepad first

if you select the duplicate, what does the smsts.log file tell you ? maybe someone duplicated the actual ts, moved it elsewhere in the console, and deployed it...

and what client version are you installing ?

and are you following my guide 100% or are you deviating from it.... which version of the Office 365 Suite did you pick (x64 or x86) ? from your error it looks like the Intune service is not available, did you try again ?

Ronni ? most people get my name wrong but Ronni is a first :-/ but as regards your xml not applying, did you follow all the steps in my guide or did you do something differently

Introduction I've been doing a lot of testing with Windows AutoPilot recently (blog post coming soon), and as part of that testing, I wanted my Windows 10 version 1709 (Fall Creators update) devices to have a customized start screen (or start menu as people often refer to it) with some Office applications and device configuration profiles installed. The ability to customize the start menu in Windows 10 is nothing new but I ran into some issues with the process, as I was using a 32 bit version of the Office Suite so I thought I'd document the fix here. The issue I observed was that after creating the XML file, importing it into Intune and deploying it out to Windows 10 devices, instead of getting the Office icons in the start screen, they got blank boxes, and those boxes never populated with icons even after Office was installed. Some internet searching and digging found the answer but it wasn't that clear what you had to do, hence this guide. A newly installed Windows 10 version 1709 start menu can look quite a consumer oriented mess, such as the one shown below. This is definitely not what you want to see in your Enterprise. In this post you will deploy the Office 365 suite to Windows 10 version 1709 devices and then customize the start menu before capturing it to an XML file, editing the XML file and then deploying it using Intune. Note: When a full Start layout is applied with this method, the users cannot pin, unpin, or uninstall apps from Start. Users can view and open all apps in the All Apps view, but they cannot pin any apps to Start. When a partial Start layout is applied, the contents of the specified tile groups cannot be changed, but users can move those groups, and can also create and customize their own groups. Step 1. Configure the Office 365 suite in Intune (optional) Customizing a start menu makes sense in an Office environment particularly when your users expect their Office apps are easy to reach. But before you can do that you'll configure Office to install on some Windows 10 devices. In the Intune service in Azure, click on Mobile Apps, and then select Apps. Click on + Add and then select Office 365 Suite and Windows 10. Click on Configure App Suite, make your selections and click OK Next click on App Suite Information, fill in the information and click ok. and next click on App Suite Settings, make your choices for Servicing (Office Updates) and Language options and click on OK then OK again. As I like to use WIP I have selected Monthly (targeted) to get the latest versions of office quickly. Note: When choosing whether you want to assign the 32-bit, or 64-bit version of Office. You can install the 32-bit version on both 32-bit, and 64-bit devices, but you can only install the 64-bit version on 64-bit devices. When done configuring click on Add. Next you need to Assign (deploy) the Office Suite to a group of users by clicking on Assignments. After clicking on Assignments, select a Group of users, then select the type of assignment, in this case I choose Required so that it is automatically installed. Click on Save when done. For more info on Configuring the Office 365 Suite in Intune see https://docs.microsoft.com/en-us/intune/apps-add-office365 Step 2. Customize the start menu on a Windows 10 device On an enrolled Windows 10 device, login as a user that is targeted with the Office 365 Suite assignment created in Step 1, and wait until the Office 365 suite has deployed. You can verify this in Intune using the App install status for the user (or device) by selecting the app in Monitor, App Install Status. Once the Office 365 Suite is installed, start customizing the Start menu by unpinning unwanted apps by right clicking on an app you want to remove, and choosing Unpin from Start. After you've unpinned all the apps you want removed, it's time to pin your Office apps, to do that, highlight an Office app, right click and choose Pin to Start. repeat the above until you have all the apps you want to appear on the start screen, in the size and location of your choice. Give the Office group a name by typing text above it. After you are done you'll have a finished start screen something like this one. Step 3. Export the start screen Start PowerShell as Administrator on the device with the customized start screen. Export the start screen using the following command Export-StartLayout -path C:\startmenu.xml Note: If the Start layout that you export contains tiles for desktop (Win32) apps or .url links, Export-StartLayout will use DesktopApplicationLinkPath in the resulting file. Use a text or XML editor to change DesktopApplicationLinkPath to DesktopApplicationID. See Specify Start tiles for details on using the app ID in place of the link path. As you selected Office 365 Suite with 32 bit architecture, you'll need to modify the XML file otherwise no Icons will appear on the users start screen. But before doing that you'll need to identify the DesktopApplicationID for each Office App in the start screen. To do that, list the start apps using Get-StartApps cmdlet. Now that you have the info needed, you can modify the XML file. Using notepad or an XML editor, open the file C:\StartMenu.xml Replace all instances of DesktopApplicationLinkPath with DesktopApplicationID. Next, replace the DesktopApplicationLinkPath text eg: "%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk" for each office app, with the correspoonding AppID from the Get-StartApps cmdlet eg: "Microsoft.Office.EXCEL.EXE.15" Here you can see the modified xml file. Save the modified file to your Desktop. Here is a copy of the modified file for your information. startmenu.xml Step 4. Create a device configuration profile in Intune In Intune in Azure, click on Device Configuration, click on Profiles and then click on + Create Profile. In the Create Profile blade, give it a suitable name such as Windows 10 - Office 365 suite start screen (so you can easily search for it later) and choose Windows 10 and later as the platform and then select Device restrictions. For Settings, click on Start (from the options available, scroll down) and then select the previously created XML file. There are many more settings which you can configure in the Start settings, but for now, this is all you will configure. Click on OK when done, then click OK again, and finally click Create. Next, you need to Assign the device restriction, so click on Assignments and assign it to the User Group that you deployed Office to, in this case, the Office 365 suite users group. Click on Save when done. Step 5. Review the end result On a Windows 10 version 1709 device sign in with credentials of a user that is in the Office 365 Suite users Group. If you login immediately after enrolling, then the Office 365 suite will not yet be installed, but it will have pulled down the policies including the custom start screen, it will look like so... This is expected behavior and all the user has to do is wait until Office 365 get's installed (12 minutes or so). The icons will automatically appear as soon as each app is installed. And here it is, job done ! Note: This method leaves a custom start menu but the user cannot change the tiles or add to the start menu, if you want them to have that ability then change <DefaultLayoutOverride> to <DefaultLayoutOverride LayoutCustomizationRestrictionType="OnlySpecifiedGroups"> Notice how the pinned items that you've defined will have a lock on them but the user can add/remove other items. Recommended reading https://docs.microsoft.com/en-us/intune/apps-add-office365 https://docs.microsoft.com/en-us/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management https://docs.microsoft.com/en-us/windows/configuration/customize-and-export-start-layout#customize-the-start-screen-on-your-test-computer https://docs.microsoft.com/en-us/windows/configuration/start-layout-xml-desktop#specify-start-tiles https://www.windows-noob.com/forums/topic/15773-how-can-i-enable-mdm-auto-enrollment-for-microsoft-intune-in-azure/

Introduction Microsoft (together with a bunch of Microsoft MVP's in Seattle) have released the latest Technical Preview release of System Center Configuration Manager namely System Center Configuration Manager Technical Preview 1711. There are two main versions (of Configuration Manager) available: System Center Configuration Manager (Current Branch) System Center Configuration Manager (Technical Preview) System Center Configuration Manager (Current Branch) is designed for use in production, for managing anything from small to very large Enterprises whereas System Center Configuration Manager (Technical Preview) is for lab environments only and is limited to 10 clients. The Technical Preview releases are released monthly, and contain the latest and greatest features being trialed in the product, and usually these new features are the result of feedback from uservoice. Current Branch releases on the other hand are released only a few times per year and contain stable, tested features that are mature enough to release into production environments. System Center Configuration Manager Technical Preview 1711 is now available. This release offers the following new features: Run Task Sequence step – This release includes improvements to the new Run Task Sequence step, which runs another task sequence creating a parent-child relationship between task sequences. See the online documentation for more details about the improvements. This is currently the feature with the third highest number of votes on UserVoice Allow user interaction when installing applications as system – Now users can interact with an application installation user interface in system context even during a task sequence. This feature is a popular request on UserVoice. This release also includes the following improvement for customers using System Center Configuration Manager connected with Microsoft Intune to manage mobile devices: New options for compliance policies – You can now configure new options for compliance policies for Windows 10 devices. The new settings include policies for Firewall, User Account Control, Windows Defender Antivirus, and OS build versioning. Installing this release So how do you get Technical Preview installed ? There are two methods: Upgrade from a previous installation of Technical Preview (as shown in this guide). Do a clean install of Technical Preview 1703 (the latest TP baseline) by using the following guide and replace the base version in that guide with the TP1703 release and then upgrade. Upgrading to this release Once you have a Technical Preview release installed, in the Configuration Manager console browse to Administration, Overview, Updates and Servicing as shown below. Click on Check for Updates (in the ribbon) Next, click on the OK button. After refreshing the console, you can see the update is available. As instructed, if you want more details about what’s happening, you can read the DMPDownloader.log available in <drvletter>:\Program Files\Microsoft Configuration Manager\Logs, you can use CMTrace to do so. And refresh the console by clicking on the Refresh icon in the ribbon, you should see the update pack is downloading, and once it is downloaded the state will change to Ready to Install. Installing the update Right click the update and choose Install update pack. A wizard appears. Click Next. the Features included in the update pack will be listed. Select your client update settings and click Next accept the EULA and configure the software assurance expiration date and click through to the completion Monitoring the Upgrade At this point you should monitor the CMUpdate.log available in <drvletter>:\Program Files\Microsoft Configuration Manager\Logs, you can use CMTrace to do so. This log will detail the installation of the update pack. You should also pay attention to the following log files present in the root of C:\. CompMgrProv.Log ConfigMgrPrereq.log ConfigMgrSetup.log and after refreshing the console, the state of the update pack will change to Installing. Clicking on Show Status will give you detailed info about the state the Installation is in, it is broken down into 5 distinct phases in the top pane: Download Replication Prerequisite Check Installation Post Installation Selecting a phase will highlight what state the update is in, including what (if any) problems it has. And after a while it should progress through to the Post Installation phase, And after refreshing the console you’ll be informed that a new version is available namely version 5.00.8582.1000. and after a while the new console is installed. After Installing this version, you can check your Upgrade history by navigating to the Updates and Servicing node, and clicking on History in the ribbon. Related reading https://docs.microsoft.com/en-us/sccm/core/get-started/capabilities-in-technical-preview-1711 https://cloudblogs.microsoft.com/enterprisemobility/2017/11/17/update-1711-for-configuration-manager-technical-preview-branch-available-now/

should be no problem with SCCM current branch, have you tried that ?

hi, all you have to do is mount the boot wim with DISM, inject the file (copy it) and then unmount the boot wim, i'll post an example if you need

you might also want to checkout this post, for the next time

I'd go with one server, it's much easier to manage, but refer to the following link before deciding what is appropriate for your organisation https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/mbam-v25/mbam-25-planning-checklist

and as regards your new error it could be related to anything, for example what version of the ConfigMgr client are you installing ? stick with it, you'll get it working the error you are seeing ( Failed to create an instance of COM progress UI object. Error code 0x80040154 means... Class not registered Source: Windows ----- why, I do not know... but check your ConfigMgr client agent version for starters...

have you tried changing SKU as described here (from Mr. Niehaus) You can force it by adding a “/pkey <key>” switch to the command. For example, if you want to force it to upgrade to Windows 10 Enterprise, use “/pkey NPPR9-FWDCX-D2C8J-H872K-2YT43”.

can you attach your smsts.log files please ?

Introduction Microsoft released the new Surface Pro and recently a new operating system, Windows 10 version 1709 (Fall Creators Update). Now you can automate the installation of it using PowerShell. This script has been written to allow you to automate the deployment Windows 10 version 1709 (Fall Creators Update) using the latest available software including: Windows 10 x64 (version 1709) Microsoft Deployment Toolkit (MDT) build 8443 Latest available 2017 drivers for the Surface Pro Windows 10 ADK (version 1709) Windows Server 2016 Note: This is fully automated, and as this does install a Windows Deployment Services server role hosting a boot image, you should modify the script accordingly and test it thoroughly in a lab first. This script is tailored for one thing only, deploying Windows 10 x64 version 1709 to the Microsoft Surface Pro with all drivers loaded and MDT 2013 preconfigured. Download it and customize it to suit your needs for other hardware if you wish because what it does is pretty cool. This script performs the following actions:- Downloads and then Installs Windows ADK 10 (version 1709) if you have not done so already Downloads and then Installs MDT, if you have not done so already Downloads all required drivers for Microsoft Surface Pro if you have not done so already Imports the Windows 10 x64 (version 1709) operating system into MDT Imports the Microsoft Surface Pro drivers into MDT Creates Selection Profiles for Surface Pro and WinPE x64 Creates a Deploy Windows 10 X64 version 1709 task sequence Edits the Deploy Windows 10 X64 version 1709 task sequence and adds an inject drivers step for Microsoft Surface Pro Sets a WMI query for hardware detection for the Surface Pro on the corresponding driver step Injects the Microsoft Surface Pro network drivers into the LiteTouchPE_x64.wim Creates custom CustomSettings.ini and BootStrap.ini files Disables the X86 boot wim (as it is not needed for Surface Pro) Changes the Selection Profile for the X64 boot wim to use the WinPE x64 selection profile Installs the Windows Deployment Service role Configures the WDS role and adds the previously created LiteTouchPE_x64.wim Starts the WDS service so that you can PXE boot (UEFI network boot). All you have to do is download the script below, modify some variables, then place certain files in the right place such as the Windows 10 x64 Enterprise (version 1709) media. Please ensure you have a working DHCP scope on your Active Directory domain controller, then PXE boot a Microsoft Surface Pro and sit back and enjoy the show. Step 1. Download the script The PowerShell script will do all the hard work for you, it is in the Downloads section at the end of this guide, download it, unzip it and place it on the server that is designated to be the MDT server. Step 2. Configure the variables in the script Once you have downloaded and extracted the script, you need to configure certain variables interspersed throughout the script. I'll highlight the ones you need to edit. The most important of them is the $SourcePath variable (line 53) as this decides where to get the content from and where to store it. This variable should point to a valid drive letter, the folder name will be created if it does not exist. The $FolderPath variable (line 237) specifies the MDT Deployment share root folder for example C:\MDTDeploy. There are other variables to configure, for joining the Domain (lines 315-317) and then you need to configure how you actually connect to the MDT server from WinPE (lines 392-396) Step 3. Copy the Windows 10 x64 (version 1709) operating system files Mount a Microsoft Windows 10 x64 Enterprise (version 1709) ISO and copy the contents to $SourcePath\Operating Systems\Windows 10 x64\1709 as shown below Step 4. Optionally copy MDT, ADK 10, Surface Pro drivers This is an optional step. If you've already downloaded the above files then place them in the source folder, otherwise the script will automatically download them for you. Note: You do not have to do this as the script will download the content for you if it's not found. Step 5. Optionally copy your Applications to the respective folders This is an optional step. If you have apps like Office 365, copy them to their respective folders under Applications. If you do add any applications, you'll need to edit the corresponding section within the script for the CustomSettings.ini and replace the GUID for the App, these applications are remmed out with a #, as shown here (line 358) and here in line 294... Step 6. Run the script On the server that will become your MDT server, start PowerShell ISE as Administrator. Click on the green triangle to run the script. Below you can see the script has completed. After the script is complete, you are ready to test deploying Windows 10 version 1709 (Fall Creators Update) to a Microsoft Surface Pro. You can see that Windows Deployment Services is installed and that the ADK 1709 version of the MDT LiteTouch_X64 boot wim is already imported. This boot image also has the Surface Pro network drivers added. After opening the Deployment Workbench, you can see the Deploy Windows 10 x64 version 1709 task sequence is created The Surface Pro Inject drivers step is pre-configured for you and the WMI query for the hardware is also added on the options tab drivers specific to the Surface Pro for are imported into MDT Step 7. Sit back and watch the deployment Take a properly shutdown Surface Pro , and power it on using the following sequence. Hold the down volume key and then press the power button while continuing to hold down the volume key, it should PXE boot. Press enter when prompted before loading the boot image before prompting you for a computer name, note that it's currently set to SurfacePro in CustomSettings.ini contained within the script, you can change that behavior in the UI itself (CustomSettings.ini on the Properties/Rules of the DeploymentShare) or automate it via the many methods available such as those that Mikael describes here click Next and off it goes, with your customized Company name and after a while it's all done Troubleshooting If the script has issues starting WDS (and you see the error below) then restart the server, as you were asked to do at the end of the script ;-). If you cannot PXE boot, because WDS is not accepting connections (revealed by the PXE Response tab in WDS properties), then look for the following error in the scripts output: An error occurred while trying to execute the command. Error Code: 0x5 Error Description: Access is denied. If you see that error, then the user you are logged in as does not have sufficient permissions to configure WDS. To grant permissions to the Windows Deployment Server (MDT01) do as follows Open Active Directory Users and Computers. Right-click the OU where you are creating prestaged computer accounts, and then select Delegate Control. On the first screen of the wizard, click Next. Change the object type to include computers. Add the computer object of the Windows Deployment Services server, and then click Next. Select Create a Custom task to delegate. Select Only the following objects in the folder. Then select the Computer Objects check box, select Create selected objects in this folder, and click Next. In the Permissions box, select the Write all Properties check box, and click Finish. Repeat the above process to grant appropriate permissions for the User who will run the PowerShell script Summary Automating the deployment of Windows 10 version 1709 (Fall Creators Update) to the Microsoft Surface Pro using PowerShell and MDT is easy when you know how. Downloads Download the PowerShell script contained in the ZIP file. Deploy Windows 10 Fall Creators Update to Microsoft Surface Pro with MDT - November 2017.zip

you would have to configure that requirement in Intune first, and then see how it's applied on a client computer, then and only then should you modify the MSI to match your requirements, I have not tested that scenario though but i'd be happy to help you with it

glad you got it resolved ! my messenger inbox was full, but i've emptied it now

i see the scaling is crazy in that screenshot, and i bet if you log off and log back on again it will look better, but alternatively you can adjust the dpi settings in the wrapper to fix this, if you want i can remote in via teamviewer and help you with this, just pm me your details

i guess you'll have to change the SKU to match the version you are installing as part of the installation, you can do that as documented here but i don't know if OEM is covered https://blogs.technet.microsoft.com/mniehaus/2017/10/09/changing-between-windows-skus/ can you please tell me what version of Windows 10 are you upgrading from (home/pro ?)

as regards the SUM collections they are just sample collections that you can use for Windows servicing or Software Update Deployment, you decide in relation to the DPI settings, you may need to adjust/change the values to suit the hardware that you have, I don't have access to every device so what I tested works for me on most devices, feel free to post your solution for those DPI's here for others and mention the hardware you tested it on thanks for trying it out and sticking with it ! cheers niall

ok, apologies for the delay my lab died and i had to re-import all my vm's but it's running again now and i tested the script, you got the buggy one (sorry), i've re-attached the working one, please try it out and let me know if there's any problems or questions, i've tested it in a CM environment with no extra collections added and it worked just fine as you can see below, give it a try ! cheers niall

what os are you upgrading from ?

well in my version it logs that it's deleting the scheduled task, when did you download the msi, perhaps you should retry the download

i'll look at the script tomorrow if i get time and provide feedback, it's a while since i wrote it, and... I recently added that script after making some changes to the wrapper, so i may have uploaded the wrong script, but basically the SUM collections are Software Update Management,