When you are frequently deploying devices without a build-in network device, like MS Surfaces, DELL XPS devices and tablets, you know the burden of using USB-Ethernet adapters. These devices have their own MAC-address and when used repeatedly, you constantly have to remove the old devices to add new devices for deployment. Before SCCM CB version 1610 you could add these MAC-addresses to the registry by adding them to “ExcludeMACaddress” under: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Components \SMS_DISCOVERY_DATA_MANAGER
From CB 1610 on you can now add these USB-Ethernet adapters to the field “Duplicate hardware identifiers”. The idea behind this is that you don’t have to remove the devices, associated with certain USB-Ethernet adapters, anymore. Underneath a short tutorial on how to add MAC-Addresses to the “Duplicate hardware identifiers”
Step 1. Open your Systemt Center Configuration Manager console and go to “Administration > Overview > Site Configuration > Sites” and left-click on “Hierarchy Settings” in the ribbon.
Step 2. Click on the tab “Client Approval and Conflicting Records”
Step 3. Click on “Add” to add your MAC-addresses to the field “Hardware ID’s”.
Step 4. When you have added all your MAC-Addresses you can close all windows by clicking “OK”.
Now you can keep using your USB-Ethernet adapters without removing the old associations with the devices you used them on before.
Any questions or comments, please post them below! Happy deploying!!
A new month, a new technical preview and new thoughts!
It is probably needless to say but “Do NOT install technical previews in your production environments!!”
Technical preview 1702 introduces a new option in SCCM to send feedback or do feature requests. The home ribbon will have a feedback option but you can also klick on any object in the console. When clicking on feedback, a browser will open a link to the System Center Configration Manager Feedback site. Does this add any value to SCCM? No I do not think so! although it will be a lot easier to send feedback to Microsoft. I just hope it will not be used as a place for bashing whenever things go wrong.
Updates and Servicing:
With 1702 they have simplified the updates and servicing view. When SCCM is more than two (or more updates) behind ‘Updates and Servicing’ will only show the most recent version available. Every new update contains all previous updates so in my opinion this is a great feature. Off course you will still be able to download more previous versions but you will get a warning that it is super-seeded by a newer version. The most recent update will be downloaded automatically when available while older updates, also when not used, will be automatically deleted from the ‘EasySetupPayload’ folder.
Peer Cache improvements:
From now on, a peer cache source computer will reject a request for content when the peer cache source computer meets any of the following conditions:
- Is in low battery mode.
- CPU load exceeds 80% at the time the content is requested.
- Disk I/O has an AvgDiskQueueLength that exceeds 10.
- There are no more available connections to the computer.
I really like these new settings! They will give us more control over when devices are available for peer caching. You simply don’t want to encumber systems which are low on resources. This way your are more likely to use peer caching.
Use Azure Active Directory Domain Services to manage devices, users, and groups:
With this technical preview version you can manage devices that are joined to an Azure Active Directory (AD) Domain Services managed domain. You can also discover devices, users and groups in that domain with various Configuration Manager Discovery methods. At the moment I am not using Azure AD in combination with SCCM but this is great feature for people who are working with Azure AD.
Conditional access device compliance policy improvements:
This feature only applies to iOS and Android devices. This will help organizations to mitigate data leakage through unsecured iOS or Android apps. You have to configure the apps in a non-compliant list yourself. It will block access to corporate resources that support conditional access until the user has removed the app. Downside is that you will need to determine and configure the apps by yourself. If you are not aware of the app that could be leaking data, this feature won’t help you much. But it will certainly help blocking certain apps which you don’t want to be installed on your corporate iOS or Android devices. For example when a app uses excessive data consumption.
Antimalware client version alert:
When 20% (default) or more of your managed clients is using an outdated version of anti-malware (Windows Defender or Endpoint Protection client) Configuration Manager Endpoint Protection will generate an alert. Great feature when u are using SCEP or Windows Defender in your environment. I wonder how this is measured and in which time frame will a client be marked as outdated?
Compliance assessment for Windows Update for Business updates:
I am not going to explain what ‘Windows Update for Business Updates’ is. Therefor I would like to point you to the following technet article. From this technical preview on you can now configure a compliance policy update rule to include a Windows Update for Business assessment result as part of the conditional access evaluation.
Important: You must have Windows 10 Insider Preview Build 15019 or later to use compliance assessment for Windows Update for Business updates.
Improvements to Software Center settings and notification messages for high-impact task sequences:
This release includes the following improvements to Software Center settings and notification messages for high-impact deployment task sequences:
- In the properties for the task sequence, you can now configure any task sequence, including non-operating system task sequences, as a high-risk deployment. Any task sequence that meets certain conditions is automatically defined as high-impact. For details, see Manage high-risk deployments.
- In the properties for the task sequence, you can choose to use the default notification message or create your own custom notification message for high-impact deployments.
- In the properties for the task sequence, you can configure Software Center properties, which include make a restart required, the download size of the task sequence, and the estimated run time.
- The default high-impact deployment message for in-place upgrades now states that your apps, data, and settings are automatically migrated. Previously, the default message for any operating system installation indicated that all apps, data, and settings would be lost, which was not true for an in-place upgrade.
This is simply awesome! I believe that user communication is a key feature for a successful deployment of software, applications and releases. For complex updates I always use the Powershell App Deployment Toolkit and all of its nice features. But for more straight forward and simple deployments, which will need less communication, I can use this new feature. Hopefully they will expand it with more possibilities in the near future.
Check for running executable files before installing an application:
Again this is a great new feature which they added, too bad its only for applications in some scenarios I still use packages. But nevertheless this is a great feature which I will be going to use on a frequent base! I always had to use scripts or the Powershell App Deployment Toolkit to achieve this, this will save me a lot of work in the future! Hopefully they will expand this feature in the future for packages and task sequences and maybe add a message. A nice addition to this will be to let the users decide themselves if they want to close the process/executable before continuing or if they want to delay the installation until a pre-defined deadline.
Well these were my first thought on SCCM CB technical preview 1702 this month and I will be continuing my ‘first thoughts’ on all upcoming technical previews. If you have any thoughts yourself or any questions please post them below in the comment area.
A few days ago Microsoft made technical preview 1701 for SCCM available for download. Here are my first thoughts on this technical preview (TP).
Boundary groups improvements for software update points
In CB 1610 Microsoft introduced important changes to boundary groups and how they worked with Distribution Points. With TP 1701 they are taking it a step further by adding the Software Update Points role. With TP 1701 you will be able to manage which SUP a client can use and which SUP’s it can use as fallback depending on which DP it’s connected to.
Please take note that the fallback time is not yet fully supported therefor it can take upon 2 hours before a client will use it’s fallback SUP.
This feature will be more than welcome for a client I am working with at the moment. They’ve got multiple DP’s across the country with slow WAN’s The possibility to decide which boundary group is using which SUP and fallback SUP will be a great addition.
Hardware inventory collects UEFI information
This new feature is enabled by default when TP 1701 is installed. A new inventory class (SMS_Firmware) and property (UEFI) will be filled. The UEFI property will be set to TRUE when a computer is started in UEFI mode. This will probably be useful in some circumstances when u want to know if a device or more devices use UEFI or Legacy BIOS to boot up.
Improvements to OS deployment
Microsoft listened to the community for most of these improvements. Lets see what they are and what they can do for us.
- Support for more application for the install Application task sequence step:
The number of applications you can add to this step have been increased to 99 applications. Previous count was 9 applications. I still prefer using packages for my task sequences so as long as we can still use packages I probably won’t be using applications within my OSD task sequence. And I’ve never been in the situation that I needed to use them in my task sequence. That said I believe for those who do and maybe for future use it’s a good improvement.
- Expire standalone media:
It will be possible to optionally set start and expiration dates when you create standalone media. This will be needed when you want to expire certain deployments through standalone media when you don’t want the media to be used after and before a certain date. I don’t use standalone media that much but I can imagine it ill be useful when for example deploying certain software or operating systems for a specific time frame and you don’t want it to be used in a later stadium or before a specific date.
- Support for additional content in stand-alone media:
It used to be only possible to add content which was referenced to the task sequence while creating standalone media. With TP 1701 it will be possible to add additional packages, driver packages and applications on the media. This could come in handy when u want to launch additional software and/or scripts after the task sequence is ended. I can imagine combining this with a script launched by the “SMSpostAction” feature which was added in SCCM 2012 R2 a while ago. I wrote a blogpost (link) about this variable which you can set during your task sequence.
- Configurable timeout for Auto Apply Driver task sequence step:
I almost never use the step “Auto Apply Drivers” within a task sequence. I prefer using a tool from the hardware supplier for installing drivers. This way the drivers are installed the way it’s meant to be installed by the supplier. Most big hardware suppliers like DELL, HP and Fujitsu have their own SCCM or command line tooling for installing their drivers. But if you don’t have a choice and/or you prefer to use this step Microsoft added a foursome variables to timeout this step, values are in seconds.
- SMSTSDriverRequestResolveTimeOut Default: 60
- SMSTSDriverRequestConnectTimeOut Default: 60
- SMSTSDriverRequestSendTimeOut Default: 60
- SMSTSDriverRequestReceiveTimeOut Default: 480
- Package ID is now displayed in the task sequence step:
Any task sequence step that references a package, driver package, operating system image, boot image, or operating system upgrade package will now display the package ID of the referenced object. When a task sequence step references an application it will display the object ID. This is a great feature, I really love this. This will make troubleshooting the task sequence easier and its just a small change. You don’t have to search for the specific ID first before you go search in your logs. I see myself combining this with the variable “SMSTSErrorDialogTimeout” set to 0 (forever) so I can quickly see which package/object ID is involved when my task sequence is failing.
- Windows 10 ADK tracked by build version:
For example if the site has Windows ADK for Windows 10, version 1607 installed, you won’t be able to edit boot images other than 10.0.014393 in the SCCM console. I can imagine that this will become less practicable when you want to troubleshoot with different versions of boot image versions.
- Default boot image source path can no longer be changed:
I always use custom boot images and it will still be possible to adjust the source path for custom boot images. I see no problems with this adjustment and I think it will be a nice addition that you can always find your default boot images on a fixed location.
Host software updates on cloud-based distribution points
Since you can download software updates directly from Microsoft Update this new feature isn’t that appealing. But I believe the feature set for cloud-based distribution points will grow in the near future and it will become more practicable to use cloud-based distribution points in the future.
Validate device health attestation data via management points
“Beginning with this preview version, you can configure management points to validate health attestation reporting data for cloud or on-premises health attestation service. A new Advanced Options tab in the Management Point Component Properties dialog box lets you Add, Edit, or Remove the On-premises device health attestation service URL.”
I haven’t used DHA before and it was first introduced in Windows 10 version 1507. For more information about DHA I suggest to read the following Microsoft Article (link).
Use the OMS connector for Microsoft Azure Government cloud
With this technical preview, you can now use the Microsoft Operations Management Suite (OMS) connector to connect to an OMS workspace that is on Microsoft Azure Government cloud. I love OMS, nothing more to add.
Android an iOS versions are no longer targetable in creation wizards for hybrid MDM
Beginning in this technical preview for hybrid mobile device management (MDM), you no longer need to target specific versions of Android and iOS when creating new policies and profiles for Intune-managed devices. Instead, you choose one of the following device types:
- Samsung KNOX Standard 4.0 and higher
It’s always nice to see things get more simplified and this is one of them!
Source and more information: https://docs.microsoft.com/en-us/sccm/core/get-started/capabilities-in-technical-preview-1701
New Project VRC research tests relative impact of Office 2013 against Office versions 2007 and 2010
Madrid – Amsterdam, June 25, 2013 – Today, at TechEd Europe 2013 in Madrid Spain, Project Virtual Reality Check (Project VRC) announced the release of a new white paper about the relative impact of Microsoft Office on the performance of VDI based user environments.
Microsoft Office is the most used application suite in the corporate environment. The goal of this new white paper was to investigate and document the VDI performance impact of Microsoft Office 2013 in comparison to the previous two versions of Microsoft Office, 2007 and 2010.
The comparison of Office 2007 with Office 2010, showed only a 1% performance difference in favour of Office 2007. The comparison of Office 2007 and Office 2013 showed a significant performance decrease of over 20%. This leads to the conclusion that to maintain the same performance levels with the newest version of Microsoft Office, about 20% more infrastructure capacity may be needed.
Office 2013 also consistently uses more CPU and over 272% more memory than Office 2007. In comparison, Office 2010 only uses 26% more memory. Optimizations such as turning animations and hardware graphics acceleration off did not influence the performance in any way.
Another key finding published in the white paper is that running x64 versions of Windows and Office will have substantial impact on Storage IOPS and memory footprint in comparison to x86 versions.
Jeroen van de Kamp, CTO of Login Consultants: “Many organizations are considering upgrading to Office 2013. To help them to make the correct decisions in the upgrade process, we wanted to provide independent insight in the VDI performance impact of this new Microsoft Office version.”
Ruben Spruijt, CTO of PQR: “The goal of project VRC is to provide objective test data that will benefit the VDI and Server-Based Computing industry and end-user organisations. We recognise that every production environment is different. We therefore highly recommend to test the performance impact of Office 2013 in your own environment, before deployment.”
Project ‘Virtual Reality Check’ (Project VRC) was started in 2009 by SBC and VDI specialists PQR (www.pqr.com) and Login Consultants (www.loginconsultants.com) and focuses on independent research in the desktop virtualization market. Several white papers were published about the performance of different hypervisors, application virtualization solutions, Windows Operating Systems and antivirus solutions.
All Project VRC tests are performed with Login VSI (www.loginvsi.com). This vendor independent tool simulates realistic user workloads to objectively test the performance and scalability of VDI and Server Based Computing environments. The full test methodology used is described in the white paper.
This and all other Project VRC white papers can be downloaded for free at www.projectvrc.com. To keep up-to-date with the latest developments you can follow Project VRC on Twitter @ProjectVRC.
PQR is the specialist for professional IT infrastructures with focus on safe and manageable availability of data, applications and workstations with optimal user experience. PQR provides its customers with innovative IT solutions that ensure optimal application availability and manageability, without complex processes. Simplicity in IT, that’s what PQR stands for.
PQR focuses on four main themes:
– Data & System Availability
– Application & Desktop Delivery
– Secure Access & Secure Networking
– Advanced IT Infrastructure & Management
PQR was founded in 1990, is located in De Meern, The Netherlands, and has over 100 employees. In the fiscal year 2011/2012, PQR achieved a turnover of € 94.9 million and a net profit after tax of € 4.6 million.
About Login Consultants
Login Consultants is an independent international IT service provider specialized in End User Computing. We help our clients in finding the optimal balance between IT control and end user flexibility. Our goal is an innovative and unique solution, which simplifies future change. Our success with our customers is built on the quality of integration combined with a smart migration approach and the manageability of the solution after deployment.
Login Consultants has an experienced team with over 150 specialists in The Netherlands, Belgium and Germany. Our consultants have accreditations from Microsoft, Citrix and VMware, and are regularly invited to speak at national and international events. They are involved as experts in online and printed IT publications and actively participate in relevant technical blogs.