Peter33

We are using AD Groups to cover this scenario. The AD groups are filled with the machine accounts by a 3rd party Asset/Shop Software. The installation collections are simply mirrors of the AD groups. For the uninstall we have seperate collections which query machines which have the software installed but are not memebr of the corresponding AD Group.

Namespace: root\cimv2\sms Select * From SMS_InstalledSoftware Where ProductCode = '{XXXXXXXXXXXXXXXXXXXXXXXXXX}' in SCCM 2012 ProductCode is replaced by SoftwareCode (for whatever reason)

Here you go ... Create a new application and chose the manual option Fill the application informations with something useful Make sure the localized app name is filled properly. That's what's shown to the use in the software center Here click "add", to create a new deployment type As type chose "script installer" Add the source location and the installation command. It's recommended also to add a working uninstall command to support a later supersedence. This is most important. Create a proper detection methode. The most practicable way is to use the Product ID of the program. Some do not supply one though, like 7zip 32 Bit. There you can go for the registry entry of the uninstall section. In the next step you can define some requirements. I am always defining the supported operating systems here.

You need to create single packages for each language pack. The packages have to include only the cab files. But the files have to be placed in the root directory of the package. So in your case the source directory should read as \\server\packages$\languages\de-de\

Check for some leftovers of SCEP in the registry of the client HKLM\software\microsoft\windows\currentversion\uninstall. If there is nothing uninstall the SCCM Client, reboot the machine, and then remove the registry key HKLM\software\microsoft\sms.

I managed to run it successfully on the 5th try. Always had an access denied error (5) for the IE9 Patch from last patch tuesday. No clue why. The antivirus exception for the offline servicing folder is set, so it should'nt been cause by the AV. After the service window server reboot at the weekend it worked for some strange reason.

Your welcome, the date is a filter to select all updates <= this date. So it excludes all updates newer than the date. Hope that makes sense to you.

Hi folks, did anyone successfully run the offline servicing for Windows 7 Professional x64 after 2013/2/12 Patch Tuesday? Every other OS image runs fine. Only this one fails and is undeployable after it. Even a fresh one with no patches applied does not succeed.

Which account are you using for push installations? The local Administrator? I have not seen this behaviour yet, but we are using an AD account and the group it belongs to will be added to the local admin group as one of the last steps in the TS. So this might explain that i have not seen this before.

All right, mission impossible to get a proper name for this string since this is hard coded and not configurable by any command line options.

All right, here is a quick and dirty SQL report, which shows you all missing updates for all machines. Just replace the date value. SELECT v_R_System.Name0, v_Update_ComplianceStatus.Status, v_UpdateInfo.BulletinID, v_UpdateInfo.ArticleID, v_UpdateInfo.Description, v_UpdateInfo.Title, v_UpdateInfo.DatePosted FROM v_R_System INNER JOIN v_Update_ComplianceStatus ON v_R_System.ResourceID = v_Update_ComplianceStatus.ResourceID INNER JOIN v_UpdateInfo ON v_Update_ComplianceStatus.CI_ID = v_UpdateInfo.CI_ID WHERE (v_Update_ComplianceStatus.Status = 2) AND (v_UpdateInfo.DatePosted <= CONVERT(DATETIME, '2013-01-01 00:00:00', 102))

Hi juha, even if the machines are not properly patched, you can still apply all needed patches. Just create full update packages with all available patches for the needed products. So that's probably. Windows 7 Silverlight VC++2005 VC++2008 VC++2010 Office 2007 Office 2010 Service packs for the products should be managed with seperate update packages. I never include them in the standard packages. Your goal is to get a fully patched system. So you should'nt worry to much about the status before applying the patches. ( Sounds like some sort of management request ) Anyways, you can still copy the overall compliance report and modify it with the report builder. Just add another filter which points to the release date of the patches <=. This still requires that your machines are already receiving the policy from your new SCCM environment and have performed at least one update scan cycle against the SCCM WSUS database.

Of course, here is an example how to skip the installation if a blocking condition process is running.

Did you upgrade to SP1 already? This will improve the OSD performance a lot. You can also allow clients to contact your distribution point anonymously, which will reduce the connection attempts during the deployment. Since SCCM packages are stored as BITS files on the DP this is a big performance killer if not set. If you chose to store your packages according to the old storage model it will give you an additional boost for big sized files.

You can simply use cmd /c rd "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight" /S /Q as command line. .. And this Powershell script as detection rule. if(!(Test-Path -Path "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight")){ echo $true } For operating systems older than Windows 7 you will need a second deployment type with custom path.

I would not suggest to modify the source packages. Just create a hidden application which deletes the shortcuts if they are present. Quick, easy and dirty.

You can use the default overall compliance report for this task.

The partition label is neither the problem. Just the bitlocker drive label wich is a combination of computername and partition label. The bitlocker drive label is shown in the PIN dialog after booting the machine. That's where the users read the machine name from if the help desks asks them, in case they forgot their PIN.

Ther recovery key is not the problem. It gets stored in the AD during the "enable bitlocker" step, which is one of the last steps in the sequnce, where the name is already properly set. The Disk Label name is set when the disk encryption starts and contains the computer name. The only solution would be to change the computer name during the PE phase, which is not possible as far as i know.

All right, i have successfully integrated that to our Windows 7 deployment sequence. I love it. it's pretty quick. The only problem i have is that the drive label is set to MININT-XXXXXXX, bacause the computername is not set while the encryption starts. Is there any way to avoid this?

Create a configuration text file with these two lines and then run the diskpart command. select disc 0 clean Another option is to use MDT 2012. If you create a new MDT task sequnce you will get a dynamic disk partitioning section which also includes the handling of new empty disks.

There are several ways to deploy dependant programs. - chain the programs in order of dependancy through the program itself by the option "run another program first" - batch files or scripts : if you use this make sure to apply some error handling logic. For batch file something like "if %errorlevel% NEQ 0". easier to handle with powershell or vbscript though. - task sequnces: they can get tricky when the program requests a restart You should also think about writing log files suring the installation for trouble shooting.

I only wish that there would be an option in the task sequence properties to apply this setting for all dependant packages. That's where it belongs to from my point of view.

Did you forget to add silent switches - /q - to the command lines ?

If you use different boot iamges for your task sequences, you also need to add a mandatory reboot ro PE as first step to your sequences.