Rocket Man

If you are not implementing WSUS then why do you not install these updates in you master image before you capture it and redeploy, would make alot of sense to do this initially considering your infrastructure and it would only require you to do it the once also, instead of every instance of the thin image!! The sysprep may wipe some updates but not a whole big pile, if any!

Do you mean create a SUG first then a deployment package? This will leave it that the Deployment Package will only have the updates that you have specified and will never pull down any new ones automatically into it. With an ADR you have evaluation cycle, filters, deployment all automated and depending on what filters you specify depends on what new updates gets automatically added to the deployment package and deployed at specified times i:e monthly, weekly, daily. This is all automated and the best way to do it!!

What are your issues? and what makes you think it is the client that is causing them? The client will install the correct version of itself depending on the OS flavour it is targeted at(x86-x64). The installation is intelligent enough to do this. By this do you mean automatic client push or the version install? If it is client push then no it does not have to be automatically pushed or installed automatically in any way, this setting can be turned off if using client push method which will allow you to target specific machines yourself!!

Variables on collections and TS groups? http://www.windows-noob.com/forums/index.php?/topic/7198-wmi-question/?hl=%2Bcollection+%2Bvariables#entry27210 This way you could just have 1 Task sequence, and let your collection variables do the work for you!! try it with 2 collections first to make sure it works before creating the rest of the collections!

did you change the boot.wim in your TS to the new one?

Also just on the topic of FEP with SCCM 2012 SP1, I also notice that any collection that has the custom policy deployed to it automatically gets added to the FEP dashboard!

The easiest/quickest way is to create a capture media iso, not build and capture as this can be a slow process by times depending if successful or not. Build your custom image on a VM and attach the iso capture image, punch in the required credentilas and the rest is all automated.. Then you will have a wim file that when deployed it will install on the C: partition. the link below may help you unsderstand why it installs on the D: drive an not C: http://blogs.technet.com/b/inside_osd/archive/2007/08/08/why-does-vista-end-up-on-the-d-drive.aspx

Have you created the configMgr client from definition and distributed it to your DPs?

Where did you get the driver package from? Is it an intel or broadcom NIC card that you have currently got active? have you got both NIC driver sets packaged for this model?

Good stuff, after browsing to this key I can see the policies that have been applied, it is all good so then! cheers Niall

Ok i am not alone on this one, it was driving me nuts as my non-SP1 sites are showing the correct policies in both console and registry on local machine, but not SP1.. http://social.technet.microsoft.com/Forums/en-GB/FCSNext/thread/4ff3da21-03bb-4a75-b85c-6090c1f03375 maybe there will be a solution soon, but it will only be a cosmetic solution to change the default antimalware policy on the client to show the custom antimalware policy!!

Have you checked your WSUS SQL log? It will be in the SQL folder/Logs in the program files folder of your server. The log to check will be the log that is named ERROR.log (this will be the newest log) Could be something in there worth investgating,,, But as you say all is working regardless(not much point fixing something that isn't broke)

Have you tried simply changing PXE response times, so Leave 2012 at 0 and modify 2007 PXE server to 5 seconds? Also are there any DHCP options on the DHCP server 60,67 configured from your old 2007 server? maybe the boot server hostname(60) is pointing to incorrect server??

I had a similar experience with a specific model of machine, not DELL. I had to download the drivers manually test them and then package them. The machines would boot no problem and at the apply drivers task it would stop at the correct package and apply. I also had quite a bit of software to apply also which was part of the TS, but after the setup windows & configMgr task it would bomb out. Once loaded into the OS it was apparent what was happening, the NIC drivers did not get applied, so thus no connection to the content shares for software(Strange) I decided just to manually add the specific NIC drivers to the boot.wim(even though they were already booting). After I did this they still booted, still picked up the driver package, but this time successfully applied the NIC drivers so my software was installed etc etc.. It is strange as to why doing this solved my problem as I thought that injecting drivers into the boot.wims is only to get a successful boot at PXE time?

Try reseating the RAM on the problematic machine!

Have you injected the NIC drivers for these models into the boot.wim that you are using?

Ok back to basics(Another admin had removed the deployment of this policy from the collection , once deployed out again the machines are now showing that the Custom Antimalware Policy has succeeded, but still on the clients when I open up About System Center it still says that the policy applied is the default policy.

You have used a WMI query for these models in the driver package properties in the TS?

Does anyone else have the same problem as I do. I had noticed this in my test setups also and really thought the issue would have had been resolved in RTM sp1. I create a custom antimalware policy and deploy it. The FEP client is installed successfully. If I check about system Center Endpoint Protection it still shows up as the default antimalware policy. The strange thing is though if I change a setting on my custom policy like the scan time and force a machine policy and retrieval it changes to the time I set, so it must be getting the custom policy but reporting false. Also when I check the Antimalware policies tab on any of the systems it shows that the default client antimalware policy is successful and the custom has not reported as successful just blank in the policy application state. See below: Anybody else having similar issues? Thanks

WMI can be opened on the firewall on the target machines.

Is your client push account a member of the local administrators group on the target systems? If the firewall is disabled there is no need to enable anything else, as all ports will be opened regardless. If the firewall is enabled you need to make sure that both file&print and WMI are enabled as a rule on the systems firewalls!

So you are creating 4 Deployments just to get 1 package deployed? This is a bit tedious, just create the batch file as forementioned and have 1 program with the name of the batch file as the command line. This way you only need advertise/deploy it once, much more efficient!! This is how I achieve my iTunes deployment!!

If it is a query then all you have to do is type the name of the query that is giving you the error "A query with this name already exists" into the search bar on the main query node(the root) and press search! Is this what you are looking to achieve? EDIT: Just seen the folder structure, the above will not be able to search into sub folders directly from the root.

You could Create a batch file for this deployment and use this as the command line i:e install.bat The batch file would look like this: @Echo Start /Wait msiexec /i "AppleApplicationSupport.msi" /q Start /Wait msiexec /i "AppleMobileDeviceSupport.msi" TRANFORMS="AppleMobileDeviceSupport.mst" /q Start /Wait msiexec /i "Bonjour.msi" TRANFORMS="Bonjour.mst" /q Start /Wait msiexec /i "iTunes.msi" TRANFORMS="iTunes.mst" /q @Exit To get it to install correctly put a start /Wait command in front of the first 4 msi's, the next program in line will not start until the previous one has finished installing!! Just place the batch file in with the other files and use nameofbatch.bat as the program command line!!

Even though machines do not have client installed, a quick way to show you the windows 7 machines in your environment that have no client is to go to the all systems collection. Step1:Right click on the description bar i:e Icon, Name, Client type, etc.. and this will allow you to add more attributes, one been operating system. Add this also to the description bar and this will then populate with the operating system version on all your systems. Now to get the windows 7 machines that have no client: Over to the right you will see add criteria.......select this and add operating system and also add client to the equation: Now in the operators on the operating system criteria select equals and type in the description that has been populated from step1 i:e for windows7 the description would be Microsoft Windows NT Workstation 6.1 and in the client criteria select NO Now simply press search this will then bring into view all your windows7 systems that have client no, you can save this search, so that when you start pushing out the client you can repeat these steps and compare the initial search to the new search, hopefully all going well you should see less and less windows 7 machines without the client as time go's by!!