Channel: Paul Jones – Microsoft Corporation

Network Access Protection (NAP) with System Center 2012 Configuration Manager


 I am going to document (with screen shots) how to integrate System Center 2012 Configuration Manager with Microsoft Network Access Protection (NAP).  All Servers are running Windows Server 2012 and clients are Windows 8.

There are different ways to implement NAP:

I set up a basic NAP implementation using DHCP Enforcement. The NAP DHCP server is running on a Windows Server 2012 Domain Controller with the DHCP server role installed along with Network Policy and Access Services Role. The NAP DHCP server restricts noncompliant client access by providing a limited IP address configuration to computers that do not meet health requirements. A limited access configuration has a subnet mask of 255.255.255.255 and no default gateway.

I will not go into detail on how to set up NAP, but here is a screen shot on how to enable it on DHCP.  I also set a DHCP Policy to enable User Class for NAP and MAC Filter so I can target only a couple of machines in my lab environment.

 

Now for Configuration Manager integration...

Step 1: Install System Health Validator Point:

A System Health Validator point validates Configuration Manager Network Access Protection (NAP) policies. It must be installed on a NAP health policy server. In my lab environment, I installed the System Health Validator Point on my Domain Controller that is also my DHCP and Network Policy and Access Server.

There are no properties to configure for this site system role.  Configure the System Health Validator point component configuration for settings that apply to all System Health Validator points in the site.

 

 Step 2: Enable Network Access Protection on clients:

I created a separate Client Agent Policy that enables NAP.  I then deployed it only to my Windows 8 Systems Collection. Here is a screen shot:

 

Step 3: Configure Site Component (optional)

There are a few Component properties that can be adjusted: Active Directory query interval (minutes), Statement of health time validation (hours) and Designate an Active Directory forest in different.  In my lab environment, I left the default settings.  Screen shot below:

 

 

Step 4 (Final Step): Enable Software Updates for NAP Evaluation

Select 1 or more Software Updates (hold down control key) from a Software Update Group and/or Software Update Deployment Package, click the NAP Evaluation Tab and select to enable NAP Evaluation.

I then deployed Software Updates to Windows 8 System Collection.  I marked the Deployment as Available to help with Screen Shots and Demos from the Client Side.

 

Windows 8 Client experience...

On the Windows Client system, I set the Network Access Protection Service to Automatic and started the service.  I have enabled Windows Security Health Agent (SHA) to check the following:

Firewall Settings

    • A firewall is enabled for all network connections

 Antivirus Settings

    • An antivirus application is on
    • Antivirus is up to date

 Spyware Protection Settings

    • An antispyware application is on
    • Antispyware is up to date

 

I did NOT enable the following (these will be handled by System Center 2012 Configuration Manager):

Automatic Updates Settings

Security Updates Settings

 

These settings are configured on the Network Policy Server, screen shot below:

 

 I have enabled Configuration Manager 2012 System Health Agent (SHA) to check the following:

Software Updates:

    • Security Update for Microsoft Windows (KB2830290)
    • Security Update for Microsoft Windows (KB2829361)
    • Adobe Reader 10.1.7 Update*
    • Adobe Flash Player 32-bit/64-bit ActiveX 11.7.700.202*

 *I have installed and configured System Center Updates Publisher 2011 to integrate with Configuration Manager.  Now I am able to add 3rd Party Updates to the NAP Policy (i.e. Adobe Reader, Flash, etc...)

The default setting for NAP Enforcement on Non-compliant systems is "Allow limited access". Non-compliant clients are allowed access only to a restricted network for updates.  I configured my Remediation Server Group to include Network Policy Server and Configuration Manager Server. This way, clients can still access Remediation Servers while having limited network access.

 

However, for demo purposes, I checked "Allow full network access" for Non-Compliant Systems.  That is why the screen shot below will show "You have full network access".

Windows Security Health Agent is unsuccessful because I have disabled Windows Firewall.  You can have NAP Automatically Remediate the firewall if it is not enforced by Local or Domain Group Policy.

Configuration Manager 2012 System Health Agent is unsuccessful (non-compliant) because I uninstalled Security Update KB2830290.  The first time I logged in with NAP enabled, Configuration Manager automatically installed the Security Updates to make the client Compliant. I went back and manually removed the Update so NAP will report Non-Compliant for this screen shot.

 

 

Monitoring 

And finally, all Network Access Protection can be monitored from Configuration Manager Reporting.  You can sort by Category - Network Access Protection and there are 13 built-in reports.


Managing Mac OS X with System Center 2012 Configuration Manager


I am going to detail some of the scenarios on managing Mac Computers with System Center 2012 Configuration Manager. 

Key links to get started:

 

  • How to Install Clients on Mac Computers in Configuration Manager - http://technet.microsoft.com/en-us/library/jj591553.aspx which includes the following steps:
    • Steps to install and configure Site Server Roles to support Mac Clients
      • Management point
      • Distribution point
      • Enrollment point
      • Enrollment proxy point
    • Steps to install Client on Mac Computers
      • Installing the client
      • Enrolling the client
      • Upgrading the client
      • Uninstalling the client

Here is a screen shot of the Mac Client:

 

The Mac Client can be configured using Client Agents Settings: Enrollment (Default Client Settings), Computer Policy, Compliance Settings and Hardware Inventory.

Here are some of the features that Configuration Manager supports on Mac computers with screen shots:

Discovery – Discovers Mac OS X systems in Active Directory and through network discovery

Hardware Inventory – Provides hardware inventory and auditing of computers running Mac OS X, including a list of installed software similar to add/remove programs for Windows systems.

 

Settings Management – Ensures computers running Mac OS X comply with company policies using scripts and preference list management.

This is an example, with screen shots, of detecting whether a Security Update is applied. Create the necessary Compliance Items, add them to a Baseline, then deploy the Baseline to a Mac Collection(s).

The image below is a screen shot of the Configuration Item Setting to detect if Security Update 2013-001 (Lion) is installed. You can get the Application ID from the Package, or get the Application ID and Key from the installation XML file using the pkgutil command.

Configuration Item Rule to report if Security Update 2013-001 (Lion) is NOT installed and create a Noncompliance Severity Warning for Reporting.

I also created Compliance Settings to detect if System Center 2012 Endpoint Protection for Mac is installed and another to detect if it is running.  You can create Compliance for just about anything using a Shell Script and/or Preference List.

Application Deployment – Distributes required software via app model.

To create an application, you have to run the CMAppUtil on a Mac Computer to create the .cmmac file.  In my example, I created an Application package for System Center 2012 Endpoint Protection.  Once the package is created, you can import it using Application Model in Configuration Manager Console.

Configuration Manager does not support the deployment of Mac applications to users; these deployments must be to a device.  For more information on deploying Software to Mac Computers, please visit How to Create and Deploy Applications for Mac Computers in Configuration Manager - http://technet.microsoft.com/en-us/library/jj687950.aspx

You can create a Device Collection based on Operating System by using the following: Mac OS X%, Mac OS X 10.7%, or ClientEdition = 5 in your query.

Here is a picture of what the Mac User will see when deploying software:

 

Software Updates Management – Distributes patches utilizing Software Distribution and Settings management features.

There are a couple of ways to accomplish this.  Create the software update packages using CMAppUtil, import them into Configuration Manager Application Model and then use Compliance Settings to detect if they are installed and remediate if desired.

Another option is to use the built-in command softwareupdate on Mac Computers.

NOTE: I have not finished testing this, but this is what I am targeting...

You can use a Discovery Shell Script to run softwareupdate -l | grep 'update' (Update: the script is taking too long and timing out; set the script to run on a set schedule and not during the client connect).

Then use a Remediation Shell Script to run softwareupdate -i -a (or other appropriate switches).

Finally, set the Compliance Rule to look for The value returned by the specified script: Contains "No new software available"
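
One way to build the scheduled-scan approach described above, as an added example that is not the author's script: a scheduled job caches the softwareupdate -l output and the Discovery script only reads that cache, so it returns quickly. The cache path, age limit, mode names and sample scan text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumed names: CACHE, MAX_AGE_MIN and the scan/discover/remediate modes.

# Keep the cache in a root-owned directory that users cannot write to,
# otherwise a local user could forge a "compliant" scan result.
CACHE="${CACHE:-/var/db/cm-swupdate/scan.txt}"   # assumed location
MAX_AGE_MIN="${MAX_AGE_MIN:-1440}"               # scans older than 24h are stale

# Scheduled job (launchd or cron, as root): runs the slow scan away from the
# client-connect path. stderr is captured as well, because softwareupdate may
# write its "No new software available." message there.
run_scan() {
    scan_tmp="$1.$$"
    if softwareupdate -l >"$scan_tmp" 2>&1; then
        mv "$scan_tmp" "$1"      # replace the cache only after a complete scan
    else
        rm -f "$scan_tmp"
        return 1
    fi
}

# Discovery script body: prints the value the Compliance Rule evaluates.
# Only a fresh scan with no pending updates yields the compliant string.
discovery_value() {
    dv_cache="$1"
    dv_max_age="$2"
    if [ ! -s "$dv_cache" ]; then
        echo "Scan result missing"
        return 0
    fi
    # find -mmin works with both BSD (macOS) and GNU find
    if [ -n "$(find "$dv_cache" -mmin +"$dv_max_age" 2>/dev/null)" ]; then
        echo "Scan result stale"
        return 0
    fi
    # Update labels are listed on lines that start with "* "
    dv_pending=$(grep -c '^[[:space:]]*\*[[:space:]]' "$dv_cache" || true)
    if [ "$dv_pending" -gt 0 ]; then
        echo "Updates pending: $dv_pending"
    elif grep -q 'No new software available' "$dv_cache"; then
        echo "No new software available"
    else
        echo "Scan result unrecognized"
    fi
}

# Remediation script body: install everything, then refresh the cache so the
# next discovery run reflects the new state.
remediate() {
    softwareupdate -i -a && run_scan "$1"
}

# Constructed sample of "softwareupdate -l" output with one pending update,
# for trying discovery_value on a machine without softwareupdate.
sample_scan_pending() {
    cat <<'EOF'
Software Update Tool

Software Update found the following new or updated software:
   * SecUpd2013-001-1.0
        Security Update 2013-001 (1.0), 100000K [recommended] [restart]
EOF
}

case "${1:-discover}" in
    scan)      run_scan "$CACHE" ;;
    remediate) remediate "$CACHE" ;;
    discover)  discovery_value "$CACHE" "$MAX_AGE_MIN" ;;
esac
```

The Compliance Rule from the post (Contains "No new software available") works unchanged, since none of the other returned values contain that string; a missing, stale or unrecognized scan therefore reports as noncompliant.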

 

 

Reporting - You can report and monitor all the features listed above using standard reports and built-in monitoring tools in Configuration Manager Console.

 

Internet-Based Client Management - Internet-based client management allows you to manage Mac clients when they are not connected to your company network but have a standard Internet connection.

 

Log Files - Log file for Configuration Manager client for Mac computers records information in the following locations:

Log name - Details

CCMClient-<date_time>.log - Records activities that are related to the Mac client operations, which includes application management, inventory, and error logging. This log file is located in the folder /Library/Application Support/Microsoft/CCM/Logs on the Mac computer.

CCMAgent-<date_time>.log - Records information that is related to client operations, which includes user logon and logoff operations and Mac computer activity. This log file is located in the folder ~/Library/Logs on the Mac computer.

CCMNotifications-<date_time>.log - Records activities that are related to Configuration Manager notifications displayed on the Mac computer. This log file is located in the folder ~/Library/Logs on the Mac computer.

 Additionally, the log file SMS_DM.log on the site system server records communication between Mac computers and the management point that is enabled for mobile devices and Mac computers.

 

Microsoft Desktop Optimization Pack (MDOP) 2013 overview by versions


The Microsoft Desktop Optimization Pack (MDOP) is a portfolio of technologies available as a subscription for Software Assurance customers. MDOP helps to improve compatibility and management, reduce support costs, improve asset management, and improve policy control.

Here is a list of the latest MDOP Technologies and supported client operating systems.  I am only listing the last two versions of each product and not defining the service pack level requirements for each client.

 

Microsoft BitLocker Administration and Monitoring (MBAM) provides an administrative interface to enterprise-wide BitLocker drive encryption.

Microsoft BitLocker Administration and Monitoring (MBAM) 2.0 provides a simplified administrative interface that you can use to manage BitLocker drive encryption. In BitLocker Administration and Monitoring 2.0, you can select BitLocker drive encryption policy options that are appropriate for your enterprise, and then use them to monitor client compliance with those policies. You can also report on the encryption status of an individual computer and on the enterprise as a whole. In addition, you can access recovery key information when users forget their PIN or password or when their BIOS or boot record changes.

MBAM 2.0 supports Windows 7 and Windows 8

MBAM 1.0 supports Windows 7

 

 

Microsoft Application Virtualization (App-V) transforms applications into centrally managed services that are never installed and don’t conflict with other applications.

With App-V 5.0, virtual applications work more like traditionally installed applications. Virtual Applications leverage Windows standards for a consistent user experience. Businesses can connect separately packaged App-V applications, enabling them to communicate with each other and with traditionally installed applications. This gives businesses the best of both worlds, providing isolation – reducing conflict and time spent regression testing – yet allowing applications to interact and communicate when needed. App-V integrates with System Center Configuration Manager, so you can manage virtual and physical applications.

App-V 5.0 supports Windows 7 and Windows 8

App-V 4.6 supports Windows XP, Windows Vista and Windows 7 

 

 

Microsoft User Experience Virtualization (UE-V) captures and centralizes application settings and Windows operating system settings for the user. These settings are then applied to the different computers that are accessed by the user, including desktop computers, laptop computers, and virtual desktop infrastructure (VDI) sessions.

UE-V roams the operating system experience for Windows 7 and Windows 8, providing the consistent look and feel that users expect. UE-V helps retain the application experience without having to reconfigure applications when a user logs in from a different Windows instance —regardless of how the application is delivered or whether it is a rich desktop or virtual desktop session. Smart synchronization policies determine when and where to synch application and OS settings, helping ensure seamless personalization and quick loading.

UE-V 1.0 supports Windows 7, Windows 8, Server 2008 R2 and Server 2012

 

 

Microsoft Diagnostics and Recovery Toolset (DaRT) helps troubleshoot and repair Windows-based desktops.

The toolset helps IT professionals quickly respond to and resolve user issues onsite or remotely. It also helps your IT staff work more quickly and simplifies helpdesk support, reducing your overall support costs as well as lost productivity caused by downtime.

The 14 tools in the toolset provide intuitive options for repair and recovery, even when the machine will not boot normally. The easy-to-use, offline boot environment helps IT teams quickly repair computers. They can recover deleted files, analyze crash dumps, and remove malware from infected systems while the operating system is offline. This helps protect other computers on the network and reduces the amount of time the computer is unavailable.

DaRT 8.0 supports Windows 8 and Windows Server 2012.

DaRT 7.0 supports Windows 7 and Windows Server 2008 R2.

 

 

Microsoft Advanced Group Policy Management (AGPM) extends the capabilities of the Group Policy Management Console (GPMC) to provide change control and improved management.

AGPM provides a more secure archive for controlling changes to GPOs by letting IT develop, review, and modify GPOs without affecting employee desktops. By acting as an extension to the Active Directory management console and providing granular administration, AGPM enables your staff to have much greater control over how edits are made and applied, resulting in a much richer level of PC manageability.

Microsoft Advanced Group Policy Management helps you avoid the downtime that can result from improperly configured or conflicting GPOs. Its offline editing and workflow delegation capabilities allow IT to configure, test, and approve changes before they go live, and quickly roll back changes if needed. It also helps IT recover deleted GPOs and repair live GPOs, reducing the risk of widespread failures.

AGPM 4.0 supports Windows Vista, Windows 7, Windows 8, Server 2008, Server 2008 R2 and Server 2012

AGPM 3.0 supports Windows Vista and Windows Server 2008.

 

 

 Microsoft Enterprise Desktop Virtualization (MED-V) uses Microsoft Virtual PC to provide an enterprise solution for desktop virtualization.

MED-V 2.0 supports Windows 7.

MED-V 1.0 supports Windows Vista and Windows XP.

 

 

Configuration Manager 2012 – Reporting on Visual Studio Licenses


Posted for Kevin Saye…

Reporting on Visual Studio License, via System Center Configuration Manager 2012

I recently had a request to report on the number of Visual Studio installs in a customer environment. Honestly, the customer did not have a full understanding of how many and where it was installed. Luckily, the customer had System Center Configuration Manager 2012 installed, so this was a snap.

I was asked "Kevin, how can I report on where it is installed?"

Answer: "Simple, write a report that shows only what you want. What do you want?"

Next question: "Umm, machine name, version of Visual Studio, User and OS".

Next Answer: "Great, do these 8 steps…."

 

Step 1.    Go to your Configuration Manager Reports site: http://servername/Reports and click "Report Builder"

Step 2.    Create a Table Report:

Step 3.    Choose the dataset that matches your Configuration Manager install:

Step 4.    Click the "Edit as Text" and type in the following query. (See appendix for a copy and paste of the query)

Step 5.    Set the "ProductName" as the Row Group and all others as Values.

Step 6.    Resize the report and title it as you like.

Step 7.    Save the report (rdl file). I saved mine directly in the "Software – Companies and Products" folder in the System Center directory.

Step 8.    Simply run the newly published report to see the results. You can also export to Excel here to slice and dice as you wish.

Appendix:

select distinct P.DisplayName0 as ProductName,
    P.InstallDate0 as InstallDate,
    S.Netbios_Name0 as ComputerName,
    S.User_Name0 as LastUser,
    S.Operating_System_Name_and0 as OperatingSystem,
    S.Last_Logon_Timestamp0 as LastSeen
from [dbo].[v_Add_Remove_Programs] as P,
    [dbo].[v_R_System] as S
where
    S.ResourceID = P.ResourceID
    and
    (P.DisplayName0 like 'Microsoft Visual Studio %Premium%'
    or P.DisplayName0 like 'Microsoft Visual Studio %Ultimate%'
    or P.DisplayName0 like 'Microsoft Visual Studio %Professional%'
    or P.DisplayName0 like 'Microsoft Visual Studio %Express%' )
    and P.InstallDate0 is not null
order by S.Netbios_Name0

Deploying Office 365 Click-to-Run with App-V 5.0 and Configuration Manager 2012


In this blog I will detail how to perform the following with screenshots:

  • Create an Office 365 App-V 5.0 Package
  • Import Office Package in Configuration Manager
  • Deploy Office Package with Configuration Manager
  • Update Office Package with Configuration Manager

Everything is running in Hyper-V on Windows Server 2012, Configuration Manager 2012 and Windows 8 clients. This blog is for people who are experienced with Configuration Manager 2012 and Application Virtualization.

Step 1: Office Deployment Tool for Click-to-Run 

Office Deployment Tool for Click-to-Run can be downloaded from - http://www.microsoft.com/en-us/download/details.aspx?id=36778

The Office Deployment Tool allows the administrator to customize and manage Office 365 Click-to-Run deployments. This tool will help administrators to manage installations sources, product/language combinations, and deployment configuration options for Office Click-to-Run.

Note: I am using Version 1; Date Published: 2/14/2013

When you download and run the Office Deployment Tool, it will ask you where to extract the files - I picked C:\Temp\Office\DeploymentTool

There will be 2 files in this directory: Configuration.xml and Setup.exe

Office Deployment Tool Setup runs the following tasks:

  • Setup /Download - Downloads files to create an Office 15 installation
  • Setup /Configure - Adds, removes, or configures an Office 15 installation
  • Setup /Packager  - Produces an Office 15 App-V package

I made the following changes (highlighted) to default Configuration.xml file:

<Configuration>
  <Add SourcePath="C:\Temp\Office\Download" OfficeClientEdition="32">
    <Product ID="O365ProPlusRetail">
      <Language ID="en-us" />
    </Product>
    <Product ID="VisioProRetail">
      <Language ID="en-us" />
    </Product>
  </Add>
  <!--  <Updates Enabled="TRUE" UpdatePath="\\Server\Share\Office\" /> -->
  <Display Level="None" AcceptEULA="TRUE" />
  <Logging Name="OfficeSetup.txt" Path="%temp%" />
  <Property Name="AUTOACTIVATE" Value="1" />
</Configuration>

 Download: From a Command Prompt (Admin) - run the following command from C:\Temp\Office\DeploymentTool\ folder: Setup /Download Configuration.xml

This will download Click-To-Run source files for Office 365 to C:\Office\Download.  Then we will use these files to create an installation. 

 

 

Configure: We are going to skip the Configure piece and go straight to creating the App-V Package.  We will do some Configuration once the App-V Package is imported into Configuration Manager.

 

Packager: Now we have the Source Files downloaded, we can create the App-V package.

Using a Command Prompt (Admin) - run the following command from C:\Temp\Office\DeploymentTool\ folder: Setup /Packager  Configuration.xml C:\Office\App-V

This will create the App-V Package for Office 365 in the target folder C:\Office\App-V 

This is a screenshot during the creation:

 

 

Now we have an App-V Package to import into Configuration Manager.

 

For more information on customizing Click-To-Run, please visit the following links:

Office Deployment Tool for Click-to-Run - http://technet.microsoft.com/en-us/library/jj219422(v=office.15)

Reference for Click-to-Run configuration.xml file - http://technet.microsoft.com/en-us/library/jj219426

 

Step 2: Import App-V Package into Configuration Manager 2012

Copy the App-V Package to the Configuration Manager server.  Launch Configuration Manager Console - Select Software Library - Right Click Applications Node and choose Create Application

 

I select Microsoft Application Virtualization 5 as the Type and use a UNC Path to the Office 365 .appv file

This is a screenshot of the Imported Information

I named the Application: Office 365 ProPlus (April 2013) and filled in most of the other optional information.

You can complete the Wizard by Accepting the Defaults.

Now we have imported the Office 365 ProPlus Package into Configuration Manager Application Model.  Now it is time to Configure the Package.

 

Step 3: Configure Office 365 App-V Application

I created two App-V 5 Deployment Types:

  • Primary Device(s) which Publishes all popular items: Excel, PowerPoint, Word, SkyDrive Pro, Lync, Access, Outlook, etc...
  • Non-Primary Devices which only Publishes Excel, PowerPoint and Word.

Note that Primary Device is 1st in the Priority List.

I set the Publishing and Requirements for Primary Device using the Tabs shown below:

 

I did not set Requirements for Non-Primary Device Deployment since I only have 2 Deployment Types and it is last on the list. I did configure the Publishing Tab to only include Excel, Word and PowerPoint.  During an installation, Configuration Manager will check the 1st Deployment Type and see if the machine meets the requirements; if not, it will continue down the list.  Therefore, if the machine is not a Primary Device, then it will fall back to the Priority 2 Deployment Type and only Publish the three applications listed.

You can be more elaborate with the Deployment Types / Publishing / Requirements. We could add another Deployment that only applies to Windows 7 or 8 Machines that are Primary Devices, and those can have a separate selection of Application to Publish.  We could make those Deployment Types Priority 1 and 2 and Push the Non-Primary Device Deployment to Priority 3. 

You can also set Dependencies where the Application Installation will check for the appropriate App-V 5.0 Client and Service Pack level and if desired, install any missing Dependencies.

Now our Application and Deployment Types are set and we are ready to Deploy Office 365 Click-to-Run...

 

Step 4: Deploy Office 365 with Configuration Manager

From the Applications Node, Right Click Office 365 Application and Choose Deploy - see screen shot below

 

I want this application to show up on the Application Catalog Website, so I chose a User Collection and made the Purpose Available and Checked Require Administrator Approval if Users Request this Application, but this step is not necessary.

Now the Office 365 App-V Application will show up in the Application Catalog Website - it is the last one on the screen shot below:

 

I installed the Office Application to two separate machines - one is my Windows 8 Primary Device and the other is not. Here is a screenshot from App-V Client on one of my Windows 8 machines.

 

 

Here is a screenshot of my Start Screen on my Windows 8 Primary Device showing all the Office applications published.

Here is the same screenshot from my Windows 8 Non Primary machine.

 

And now for the final step - How to Update Office 365 Click-to-Run Package.

 

Step 5: Updating Office 365 Click-to-Run App-V Package

Here are the "normal" steps for updating an App-V package.  However, all these steps do not apply to Office 365 Click-to-Run:

  1. Copy the existing virtual application package to a clean Sequencer workstation.
  2. Launch the Sequencer program and open the virtual application package for upgrade.
  3. Install the desired application updates.
  4. Save the new version of the package.
  5. Open the Configuration Manager Admin Console to update the existing package as follows:
  6. Select Software Library Applications.
  7. Select the copied version that has –copy and select Deployment Types at the bottom.
  8. Right-click the deployment type and choose Update content.
  9. Browse and point to the manifest.xml file in the new version of the App-V application and complete the wizard.
  10. Go to the properties of the application and from the Supersedence tab, Add a Supersedence relationship for the previous application.
  11. From the New Deployment Type drop-down, select the previous version of the application. Note: Do not select Uninstall check box.
  12. Deploy the new version of the application to the appropriate collections.

The steps are a little different for updating the Office 365 App-V Package.  Follow the steps outlined at the beginning of this blog and create a new Office 365 App-V Package.  The /download switch from the Office Deployment Tool will download the latest and updated source files.  Create a new package, but name it slightly differently.  I started adding the month and year to my Office 365 Packages in Configuration Manager: Office 365 ProPlus (April 2013) and Office 365 ProPlus (August 2013).  Once you have created your new package, then follow the steps for configuring Supersedence above.

If you do not set Supersedence, the installation will remove your old package and all settings before updating.  Supersedence will retain each user's settings.  See screenshot below:

 

This blog post covered the following steps with screenshots:

  • Create an Office 365 Click-to-Run App-V 5.0 Package
  • Import App-V Package into Configuration Manager
  • Configure App-V Package in Configuration Manager
  • Deploy App-V Package with Configuration Manager
  • Update App-V Package with Configuration Manager

 

Clarification Notes on Office: Office 2013 is the traditional MSI based installation where you buy Office and install it on 1 machine.  Office 365 is the Cloud Solution that enables Office to be installed on 5 different devices and includes the Click-to-Run installation.  I used the Office 365 solution for creating the App-V Package and Deployment with Configuration Manager that I detailed in this blog post.

More information on the differences can be found at - http://office.microsoft.com/en-us/business/microsoft-office-365-for-business-faq-FX103030232.aspx

 

 

How to setup Windows 8.1 Mail App without using a Microsoft Account


With the release of Windows 8.1, it is no longer required to have a Microsoft Account (aka Live ID) to run Windows Mail Client.  I will walk you through the steps (with Screenshots) on how to enable this new feature.

When you first launch the Mail Client, it will prompt you to "Switch to a Microsoft account on this PC" if you did not sign in with a Microsoft Account - see screenshot below. Customers that use domain accounts and do not use Microsoft Accounts are still able to use Windows Mail Client with Windows 8.1.

 

 

To Turn this Feature Off, you have to Enable the following Group Policy:

Computer Configuration -> Administrative Templates -> Windows Components -> App runtime -> Allow Microsoft accounts to be optional

This applies not only to the Windows Mail Client, but also to other Windows Store Apps that support the feature and required a Microsoft Account.

 

 

Once that policy is enabled, you will now be prompted and able to use an Enterprise Account instead - see screenshot below:

 

If you do not publish your Email Server settings, click on Show more details; you are then able to enter your Email Address, Server Address, Domain, Username and Password as shown below.

 

 

I hope you find this Blog Post helpful when trying to setup the Windows Mail App without using a Microsoft Account.

 

SCCM: SQL Reporting Services Custom Reports


 

Report: List Computers by Manufacturer and Model

SELECT SYS.Netbios_Name0, SYS.User_Name0, CSYS.Manufacturer0, CSYS.Model0  
FROM v_R_System SYS
RIGHT JOIN  v_GS_COMPUTER_SYSTEM CSYS on SYS.ResourceID = CSYS.ResourceID
ORDER BY CSYS.Manufacturer0, CSYS.Model0, SYS.Netbios_Name0

NOTE: This query only displays machines that are reporting Manufacturer and Model by using the RIGHT JOIN.

 


SCCM PXE/WDS with Remote DHCP Server


SCCM Helpful Links

System Center Updates Publisher Configuration


These are notes from the SCUP Help File….

To configure the certificate store on the update server
  1. Click Start, click Run, type MMC in the text box, and then click OK to open the Microsoft Management Console (MMC).

  2. Click File, click Add/Remove Snap-in, click Add, click Certificates, click Add, select Computer account, and then click Next.

  3. Select Another computer, type the name of the update server or click Browse to find the update server computer, click Finish, click Close, and then click OK.

  4. Expand Certificates (update server name), expand WSUS, and then click Certificates.

  5. In the results pane, right-click the desired certificate, click All Tasks, and then click Export.

  6. In the Certificate Export Wizard, use the default settings to create an export file with the name and location specified in the wizard. This file must be available to the update server before proceeding to the next step.

  7. Right-click Trusted Publishers, click All Tasks, and then click Import. Complete the Certificate Import Wizard using the exported file from step 6.

  8. If a self-signed certificate is used, such as WSUS Publishers Self-signed, right-click Trusted Root Certification Authorities, click All Tasks, and then click Import. Complete the Certificate Import Wizard using the exported file from step 6.

  9. Right-click Certificates (update server name), click Connect to another computer, enter the computer name for the Updates Publisher computer, and click OK.

  10. If Updates Publisher is remote from the update server, repeat steps 7 through 9 to import the certificate to the certificate store on the Updates Publisher computer.

 

To configure a self-signing certificate on client computers
  1. Click Start, click Run, type MMC in the text box, and then click OK to open the Microsoft Management Console (MMC).

  2. Click File, click Add/Remove Snap-in, click Add, click Certificates, click Add, select Computer account, and then click Next.

  3. Select Another computer, type the name of the update server or click Browse to find the update server computer, click Finish, click Close, and then click OK.

  4. Expand Certificates (update server name), expand WSUS, and then click Certificates.

  5. Right-click the certificate in the results pane, click All Tasks, and then click Export. Complete the Certificate Export Wizard using the default settings to create an export certificate file with the name and location specified in the wizard.

  6. Use a method to add the certificate used to sign the updates catalog to each client computer that will use WUA to scan for the updates in the catalog. Add the certificate on the client computer as follows:

    • For self-signed certificates: Add the certificate to the Trusted Root Certification Authorities and Trusted Publishers certificate stores.
    • For certification authority (CA) issued certificates: Add the certificate to the Trusted Publishers certificate store.

    Note:  The WUA also checks whether the Allow signed content from intranet Microsoft update service location Group Policy setting is enabled on the local computer.

 

To deploy the WSUS self-signed certificate using software distribution and certutil.exe
  1. Export the WSUS Publishers Self-signed certificate and public key to a directory on the local computer.

  2. Copy the Certutil.exe and Certadm.dll files to the same directory as the exported files. Certutil.exe is a command-line program that is installed as part of Certificate Services in the Windows Server 2003 family and both files are installed in %windir%\system32, by default.

  3. Create a software distribution package containing the files from step 1 and step 2.

  4. Add a software distribution program that runs the following command-line: certutil.exe -addstore TrustedPublisher wsus.cer, where TrustedPublisher is the name of the certificate store and wsus.cer is the name of the exported certificate. For more information about certutil.exe, see the Certutil Web site on TechNet (http://go.microsoft.com/fwlink/?LinkId=108447)

  5. Create an advertisement for distributing the package and program to the appropriate collection.

 

To configure the Group Policy to allow WUA 3.0 on computers to scan for published updates
  1. Open the Group Policy Object Editor Microsoft Management Console (MMC) snap-in with a user that has the appropriate security rights to configure Group Policy.

  2. Click Browse and select the domain, OU, or GPOs linked to the site where the configured Group Policy will propagate to the desired client computers. Click OK, click Finish, click Close, and then click OK.

  3. Expand the selected policy setting in the console tree, expand Computer Configuration, expand Administrative Templates, expand Windows Components, and then click Windows Update.

  4. In the results pane, right-click Allow signed content from intranet Microsoft update service location, click Properties, click Enabled, and then click OK.
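The procedures above leave each client in a state that can be checked directly. The following PowerShell is an added example, not part of the SCUP help file: the default path .\wsus.cer is an assumption (the exported file name used in the certutil step), and AcceptTrustedPublisherCerts is the registry value behind the Allow signed content from intranet Microsoft update service location setting.

```powershell
# Added example (not from the SCUP help file): audit one client for the trust
# settings the procedures above configure. Run in Windows PowerShell on the client.
param(
    # Assumption: path to the certificate exported from the update server's WSUS store.
    [string]$CertPath = '.\wsus.cer'
)

function Test-WsusPublisherTrust {
    param([Parameter(Mandatory)][string]$Path)

    # Load the exported signing certificate so its thumbprint can be compared
    # with what is actually installed in the local machine stores.
    $file = (Resolve-Path -LiteralPath $Path).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file

    # A self-signed certificate names itself as issuer. Per the steps above it
    # must be in Trusted Root Certification Authorities as well as Trusted Publishers;
    # a CA-issued certificate only needs Trusted Publishers.
    $selfSigned = $cert.Subject -eq $cert.Issuer
    $required = @('TrustedPublisher')
    if ($selfSigned) { $required += 'Root' }

    # Record every required store that does not contain this exact certificate.
    $missing = @()
    foreach ($store in $required) {
        $certItem = "Cert:\LocalMachine\$store\$($cert.Thumbprint)"
        if (-not (Test-Path -LiteralPath $certItem)) { $missing += $store }
    }

    # WUA also requires the Group Policy setting; it is stored as a DWORD of 1.
    $wuKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $policy = (Get-ItemProperty -Path $wuKey -Name AcceptTrustedPublisherCerts `
                   -ErrorAction SilentlyContinue).AcceptTrustedPublisherCerts

    $expired = $cert.NotAfter -lt (Get-Date)

    [pscustomobject]@{
        Subject           = $cert.Subject
        Thumbprint        = $cert.Thumbprint
        SelfSigned        = $selfSigned
        Expired           = $expired
        MissingFromStores = $missing -join ', '
        PolicyEnabled     = ($policy -eq 1)
        Compliant         = ($missing.Count -eq 0) -and ($policy -eq 1) -and (-not $expired)
    }
}

Test-WsusPublisherTrust -Path $CertPath
```

A client that reports Compliant as False will not accept updates signed with this certificate; MissingFromStores and PolicyEnabled show which of the steps above was not applied.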

 

 

--

SCCM Scripts


These SDK Scripts can perform ad-hoc client side tasks. 

NOTE: If running on an x64 machine, you must use the 32-bit version of cscript.exe, C:\Windows\SysWoW64\cscript.exe, since SCCM is a 32-bit application.

Client Component List

    On Error Resume Next

    Dim oCPAppletMgr ' Control Applet manager object
    Dim oClientAction ' Individual client action
    Dim oClientActions ' A collection of client actions

    ' Get the Control Panel applet manager object.
    Set oCPAppletMgr = CreateObject("CPApplet.CPAppletMgr")
    If Err.Number <> 0 Then
        WScript.Echo "Couldn't create control panel application manager"
        ' Stop here: nothing below can work without the manager object.
        WScript.Quit 1
    End If

    ' Get a collection of actions.
    Set oClientActions = oCPAppletMgr.GetClientActions
    If Err.Number <> 0 Then
        WScript.Echo "Couldn't get the client actions"
        Set oCPAppletMgr = Nothing
        ' Stop here: there is no collection to enumerate.
        WScript.Quit 1
    End If

    ' Display each client action name and perform it.
    For Each oClientAction In oClientActions
        wscript.echo oClientAction.name
        oClientAction.PerformAction
        wscript.echo
    Next

    Set oClientActions=Nothing
    Set oCPAppletMgr=Nothing

 

Hardware Inventory Cycle

    ' Set the required variables.
    actionNameToRun = "Hardware Inventory Collection Cycle"

    ' Create the CPAppletMgr instance.
    Dim controlPanelAppletManager
    Set controlPanelAppletManager = CreateObject("CPApplet.CPAppletMgr")

    ' Get the available ClientActions object.
    Dim clientActions
    Set clientActions = controlPanelAppletManager.GetClientActions()

    ' Loop through the available client actions. Run the matching client action when it is found.
    Dim clientAction
    For Each clientAction In clientActions
        If clientAction.Name = actionNameToRun Then
            clientAction.PerformAction 
        End If
    Next
    wscript.echo "Ran: " & actionNameToRun

 

Software Inventory Cycle

    ' Set the required variables.
    actionNameToRun = "Software Inventory Collection Cycle"

    ' Create the CPAppletMgr instance.
    Dim controlPanelAppletManager
    Set controlPanelAppletManager = CreateObject("CPApplet.CPAppletMgr")

    ' Get the available client actions.
    Dim clientActions
    Set clientActions = controlPanelAppletManager.GetClientActions()

    ' Loop through the available client actions. Run the matching client action when it is found.
    Dim clientAction
    For Each clientAction In clientActions
        If clientAction.Name = actionNameToRun Then
            clientAction.PerformAction 
        End If
    Next
    wscript.echo "Ran: " & actionNameToRun

 

Discovery Collection Cycle

    ' Set the required variables.
    actionNameToRun = "Discovery Data Collection Cycle"

    ' Create the CPAppletMgr instance.
    Dim controlPanelAppletManager
    Set controlPanelAppletManager = CreateObject("CPApplet.CPAppletMgr")

    ' Get the available ClientActions object.
    Dim clientActions
    Set clientActions = controlPanelAppletManager.GetClientActions()

    ' Loop through the available client actions. Run the matching client action when it is found.
    Dim clientAction
    For Each clientAction In clientActions
        If clientAction.Name = actionNameToRun Then
            clientAction.PerformAction 
        End If
    Next
    wscript.echo "Ran: " & actionNameToRun

 

Machine Policy Cycle

    ' Set the required variables.
    actionNameToRun = "Request & Evaluate Machine Policy"

    ' Create the CPAppletMgr instance.
    Dim controlPanelAppletManager
    Set controlPanelAppletManager = CreateObject("CPApplet.CPAppletMgr")

    ' Get the available ClientActions object.
    Dim clientActions
    Set clientActions = controlPanelAppletManager.GetClientActions()

    ' Loop through the available client actions. Run the matching client action when it is found.
    Dim clientAction
    For Each clientAction In clientActions
        If clientAction.Name = actionNameToRun Then
            clientAction.PerformAction 
        End If
    Next
    wscript.echo "Ran: " & actionNameToRun

 

Software Metering Cycle

    ' Set the required variables.
    actionNameToRun = "Software Metering Usage Report Cycle"

    ' Create the CPAppletMgr instance.
    Dim controlPanelAppletManager
    Set controlPanelAppletManager = CreateObject("CPApplet.CPAppletMgr")

    ' Get the available ClientActions object.
    Dim clientActions
    Set clientActions = controlPanelAppletManager.GetClientActions()

    ' Loop through the available client actions. Run the matching client action when it is found.
    Dim clientAction
    For Each clientAction In clientActions
        If clientAction.Name = actionNameToRun Then
            clientAction.PerformAction 
        End If
    Next
    wscript.echo "Ran: " & actionNameToRun

 

Software Updates Evaluation Cycle

    ' Set the required variables.
    actionNameToRun = "Software Updates Assignments Evaluation Cycle"

    ' Create a CPAppletMgr instance.
    Dim oCPAppletMgr
    Set oCPAppletMgr = CreateObject("CPApplet.CPAppletMgr")

    ' Get the available ClientActions object.
    Dim oClientActions
    Set oClientActions = oCPAppletMgr.GetClientActions()

    ' Loop through the available client actions. Run the matching client action when it is found.
    Dim oClientAction
    For Each oClientAction In oClientActions
        If oClientAction.Name = actionNameToRun Then
            oClientAction.PerformAction 
        End If
    Next

    wscript.echo "Ran: " & actionNameToRun

 

Software Updates Scan Cycle

   ' Set the required variables.
   actionNameToRun = "Updates Source Scan Cycle"

   ' Create a CPAppletMgr instance.
   Dim oCPAppletMgr
   Set oCPAppletMgr = CreateObject("CPApplet.CPAppletMgr")

   ' Get the available ClientActions object.
   Dim oClientActions
   Set oClientActions = oCPAppletMgr.GetClientActions()

   ' Loop through the available client actions. Run the matching client action when it is found.
   Dim oClientAction
   For Each oClientAction In oClientActions
       If oClientAction.Name = actionNameToRun Then
           oClientAction.PerformAction 
       End If
   Next
   wscript.echo "Ran: " & actionNameToRun

 

 

--

Support for SQL Server versions


Configuration Manager 2007 support for the different SQL Server versions:

SQL Server 2005:
  • ConfigMgr RTM and SP1 support SQL 2005 SP2 and SP3. Currently, no hotfix is required.
  • ConfigMgr R2 supports SQL 2005 SP2 and SP3, with hotfix 959975.
SQL Server 2008:
  • ConfigMgr RTM supports upgrading an existing SQL 2005 site database to SQL 2008, with hotfix 955229; but does not support new installation using a SQL 2008 instance to host the site database.
  • ConfigMgr SP1 supports SQL 2008, with hotfix 955262.
  • ConfigMgr R2 supports SQL 2008, with hotfixes 957576 and 959975.

More information can be found at http://blogs.technet.com/configmgrteam/archive/2009/03/03/configuration-manager-2007-supported-sql-versions.aspx

 

 

--

Cross-Forest Communications Between Configuration Manager Sites


Data is sent between sites in a Configuration Manager 2007 hierarchy to enable central administration within a distributed model. For example, advertisements and packages flow down from a primary site to a child primary site, and inventory data from child primary sites are sent up to the central primary site. This information is sent between site servers in the hierarchy when the site communicates with a parent or child site. Data sent between sites is signed by default, and because sites in different Active Directory forests cannot automatically retrieve keys from Active Directory Domain Services, manual key exchange using the hierarchy maintenance tool (Preinst.exe) is required to configure intersite communication.

When one or more primary sites in the Configuration Manager 2007 site hierarchy are located within different Active Directory forests, an Active Directory forest trust is not required to enable site-to-site communication as long as domain user accounts are properly configured in the sender address properties for each site. If you do not configure domain user accounts as site address accounts in the sender address properties of each site, the site server computer accounts will be used. If the site server computer accounts are used as the site address accounts, all Active Directory forests must be configured for the Windows Server 2003 forest functional level and have a two-way trust to enable site-to-site communication to succeed.

 

Configuration Manager primary sites can be configured to span multiple Active Directory forests. It is not supported to install secondary sites in a remote Active Directory forest from their parent primary site. It is supported for a Configuration Manager 2007 site hierarchy to have primary sites or clients in a remote Active Directory forest.

 

--

SETSPN and IIS Issues with SCCM

Specify a fully qualified domain name (FQDN) for this site system on the intranet.
Enables or cancels the intranet FQDN text box, which allows you to specify an intranet FQDN for the site system.

An FQDN is required for many scenarios in Configuration Manager including the following:

  • Automatic approval of trusted clients in mixed mode
  • Native mode if the site system PKI certificate uses an FQDN
  • Environments that have multiple domains and do not use a fully replicated WINS.
 
Configuring an FQDN is also recommended if this site system will host the default management point that will publish to Domain Name System (DNS).

 

Intranet FQDN
Enter a fully qualified domain name (FQDN) for the site system on the intranet. This can be the same FQDN as the server's network configuration, or it can be a CNAME (alias) configured on the intranet DNS.

If you use a CNAME (DNS alias) rather than the computer name as your FQDN, you might need to register this as a Kerberos service principal name (SPN), so that IIS authentication succeeds. Use the Setspn utility that ships with Windows Server support tools to register the CNAME as an SPN in Active Directory Domain Services.
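Before or after registering the alias with Setspn, it helps to see which account, if any, already holds the HTTP SPN for it. The following PowerShell is an added example, not from the product documentation: the alias sccm.corp.example.com is a hypothetical name, and the script only reads Active Directory from a domain-joined machine.

```powershell
# Added example (not from the product documentation): report how the intranet
# FQDN alias is registered as an HTTP service principal name.
param(
    # Assumption: hypothetical CNAME configured for the site system.
    [string]$AliasFqdn = 'sccm.corp.example.com'
)

function Get-SpnOwner {
    param([Parameter(Mandatory)][string]$Spn)

    # Find every account whose servicePrincipalName attribute contains the SPN.
    $searcher = [adsisearcher]"(servicePrincipalName=$Spn)"
    [void]$searcher.PropertiesToLoad.Add('sAMAccountName')
    $results = $searcher.FindAll()
    try {
        @($results | ForEach-Object { [string]$_.Properties['samaccountname'][0] })
    } finally {
        $results.Dispose()
    }
}

function Test-AliasSpn {
    param([Parameter(Mandatory)][string]$Fqdn)

    # Check the full alias and its short host label.
    $short = $Fqdn.Split('.')[0]
    foreach ($spn in "HTTP/$Fqdn", "HTTP/$short") {
        $owners = @(Get-SpnOwner -Spn $spn)

        # Missing:   no account holds the SPN, so it still has to be registered.
        # Duplicate: more than one account holds it, and Kerberos ticket
        #            requests for that name fail until the extras are removed.
        if ($owners.Count -eq 0)     { $state = 'Missing' }
        elseif ($owners.Count -eq 1) { $state = 'Registered' }
        else                         { $state = 'Duplicate' }

        [pscustomobject]@{
            Spn      = $spn
            State    = $state
            Accounts = $owners -join ', '
        }
    }
}

Test-AliasSpn -Fqdn $AliasFqdn
```

A Registered result should name the account that the IIS application pool on the site system runs as; for the built-in service identities that is the server's computer account.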

 

---

Registry Key to MOF Tool


Mark Cochrane (System Center Configuration Manager MVP) released an excellent tool to assist with your custom MOF snippet creations, RegkeyToMof.  Grab it from here: http://www.myitforum.com/inc/upload/12336RegKeyToMOF.zip

Sample to get the Registry Keys for Forefront

 

// configuration.mof for MS Forefront 1.0 Client Signatures
#pragma namespace ("\\\\.\\root\\cimv2")
#pragma deleteclass("MSForeFront1", NOFAIL)
[DYNPROPS]
Class MSForeFront1
{
[key] string KeyName;
String EngineVersion;
String AVSignatureVersion;
String ASSignatureVersion;
Boolean ASSignatureApplied[];
Boolean AVSignatureApplied[];
String SignatureLocation;
};
[DYNPROPS]
Instance of MSForeFront1
{
keyname="SystemCenter.fr";
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Microsoft Forefront\\Client Security\\1.0\\AM\\Signature Updates|EngineVersion"),Dynamic,Provider("RegPropProv")] EngineVersion;
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Microsoft Forefront\\Client Security\\1.0\\AM\\Signature Updates|AVSignatureVersion"),Dynamic,Provider("RegPropProv")] AVSignatureVersion;
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Microsoft Forefront\\Client Security\\1.0\\AM\\Signature Updates|ASSignatureVersion"),Dynamic,Provider("RegPropProv")] ASSignatureVersion;
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Microsoft Forefront\\Client Security\\1.0\\AM\\Signature Updates|ASSignatureApplied"),Dynamic,Provider("RegPropProv")] ASSignatureApplied;
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Microsoft Forefront\\Client Security\\1.0\\AM\\Signature Updates|AVSignatureApplied"),Dynamic,Provider("RegPropProv")] AVSignatureApplied;
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Microsoft Forefront\\Client Security\\1.0\\AM\\Signature Updates|SignatureLocation"),Dynamic,Provider("RegPropProv")] SignatureLocation;
};

//sms_def.mof for MS Forefront 1.0 Client Signatures
#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
#pragma deleteclass("MSForeFront1", NOFAIL)
[SMS_Report(TRUE),SMS_Group_Name("MSForeFront1"),SMS_Class_ID("CUSTOM|MSForeFront1|1.0")]
Class MSForeFront1: SMS_Class_Template
{
[SMS_Report(TRUE),key] string KeyName;
[SMS_Report(TRUE)] String EngineVersion;
[SMS_Report(TRUE)] String AVSignatureVersion;
[SMS_Report(TRUE)] String ASSignatureVersion;
[SMS_Report(FALSE)] Boolean ASSignatureApplied[];
[SMS_Report(FALSE)] Boolean AVSignatureApplied[];
[SMS_Report(FALSE)] String SignatureLocation;
};


How to capture and report on a registry setting from Configuration Manager clients


http://blogs.technet.com/configurationmgr/archive/2009/05/11/how-to-capture-and-report-on-a-registry-setting-from-configuration-manager-clients.aspx 

This article seeks to offer a more complete solution on not only how to capture various registry settings from a client into the System Center Configuration Manager 2007 database, but to also demo how to build a sample query to report on those settings.

This sample will use a fictitious Software Application name for example purposes: "SampleAppOne"

With the following Registry Settings as an example:

[HKEY_LOCAL_MACHINE\SOFTWARE\SampleAppOne]
"Description"="Sample Application One Description"
"DisplayName"="Sample Application One"
"Enable"=dword:00000001

First import the above registry settings into your test client.

Next, make backup copies of the following files before making the changes outlined below:

X:\Program Files\Microsoft Configuration Manager\Inboxes\clifiles.src\hinv\sms_def.mof
X:\Program Files\Microsoft Configuration Manager\Inboxes\clifiles.src\hinv\configuration.mof

Where X:\ is the drive where Configuration Manager 2007 is installed.

The following settings were configured at the end of the sms_def.mof

#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
#pragma deleteclass("SampleAppOne", NOFAIL)
[SMS_Report(TRUE),
SMS_Group_Name("SampleAppOne"),
SMS_Class_ID("Custom|SampleAppOne|1.0")]
Class SampleAppOne : SMS_Class_Template
{
  [SMS_Report(TRUE),key] string KeyName;
  [SMS_Report(TRUE)] String Description;
  [SMS_Report(TRUE)] String DisplayName;
  [SMS_Report(TRUE)] Uint32 Enable;
};

The following settings were configured at the end of the configuration.mof

#pragma namespace ("\\\\.\\root\\cimv2")
#pragma deleteclass("SampleAppOne", NOFAIL)

[DYNPROPS]
Class SampleAppOne
{
  [key] string KeyName;
          String Description;
          string DisplayName;
          Uint32 Enable;
};
[DYNPROPS]
Instance of SampleAppOne
{
keyname="SampleAppOne";
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\SampleAppOne|Description"),
Dynamic, Provider("RegPropProv")] Description;
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\SampleAppOne|DisplayName"),
Dynamic, Provider("RegPropProv")] DisplayName;
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\SampleAppOne|Enable"),
Dynamic, Provider("RegPropProv")] Enable;
};

Once you have backed up the files and made the changes outlined above, run mofcomp.exe on both sms_def.mof and configuration.mof as follows:

%WINDIR%\System32\WBEM\Mofcomp.exe "X:\Program Files\Microsoft Configuration Manager\Inboxes\clifiles.src\hinv\sms_def.mof"
%WINDIR%\System32\WBEM\Mofcomp.exe "X:\Program Files\Microsoft Configuration Manager\Inboxes\clifiles.src\hinv\configuration.mof"

Where X:\ is the drive where Configuration Manager 2007 is installed.

Next we need to force Hardware Inventory up from a client to test and/or wait until the next scheduled Hardware Inventory is run. The changes made to the mof files on the server should start collecting the information from the client’s registry during the next Hardware Inventory Cycle.

In my testing, once the database was updated with the new tables from the custom Hardware Inventory (dbo.SampleAppOne_data, history, etc...) I had to restart the SCCM 2007 Server for the mof changes to show up in the New Query as a selectable attribute. Once the tables start showing up in the SMS_Database, then restart the SCCM Server, and proceed to the next steps.

Now you can run a query from ConfigMgr 2007 Console to get a basic report showing Computer name, and a value from one of the registry keys for this computer as follows:

select SMS_R_System.Name, SMS_G_System_CUSTOM_SAMPLEAPPONE_1_0.Enable from  SMS_R_System inner join SMS_G_System_CUSTOM_SAMPLEAPPONE_1_0 on SMS_G_System_CUSTOM_SAMPLEAPPONE_1_0.ResourceId = SMS_R_System.ResourceId where SMS_G_System_CUSTOM_SAMPLEAPPONE_1_0.Enable = 1

This should return the computer names of any clients that have the registry setting Enable with a value = 1.

 

x

Modify Office 2007 Deployment with Config.xml


C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\setup.exe /modify /Enterprise /config \\server\share\config.xml

Config.xml File:

<Configuration Product="Enterprise">
  <PIDKEY Value="11111-11111-11111-11111-1111" />
  <Display Level="Basic" CompletionNotice="Yes" SuppressModal="No" AcceptEula="Yes" />
  <Logging Type="Verbose" Path="%temp%" Template="Microsoft Office 2007 Setup.log" />
  <USERNAME Value="Name" /> 
  <COMPANYNAME Value="Company" />
  <OptionState Id="ACCESSFiles" State="Local" Children="force" />
  <OptionState Id="EXCELFiles" State="Local" Children="force" />
  <OptionState Id="PPTFiles" State="Local" Children="force" />
  <OptionState Id="WORDFiles" State="Local" Children="force" />
  <OptionState Id="SHAREDFiles" State="Local" Children="force" />
  <OptionState Id="TOOLSFiles" State="Local" Children="force" />
</Configuration>

 

__

Features that Are Not Supported on the Internet-Based Client Management


http://technet.microsoft.com/en-us/library/bb693755.aspx

Features that Are Not Supported on the Internet

Not all Configuration Manager 2007 features are appropriate for the Internet, and so they are not supported when clients are managed on the Internet. The features that are not supported for Internet management typically rely on Active Directory Domain Services (which is not accessible from the Internet) or are not appropriate for a public network (such as network discovery and Wake On LAN).

The following features are not supported when clients are managed on the Internet:

  • Software distribution that is targeted to users (either directly or through Microsoft Windows security groups).
  • Branch distribution points (a branch distribution point cannot support Internet clients, and clients on the Internet cannot be configured as a branch distribution point).
  • Client deployment over the Internet.
  • Auto-site assignment.
  • Network Access Protection (NAP).
  • Wake On LAN.
  • Operating system deployment.
  • Remote control.
  • Out of band management in Configuration Manager 2007 SP1.
  • The client ping functionality used with the client status reporting feature in Configuration Manager 2007 R2.

Additionally, Internet-based client management does not support roaming, which allows clients to always find the closest distribution points to download content. Clients that are managed on the Internet have a fixed Internet-based management point and communicate with that management point only when they are on the Internet, and with site systems in the site that are configured for Internet-based client management.

Clients connecting over the Internet will download content from any of the Internet-based distribution points in the site, regardless of bandwidth or physical location. For this reason, you cannot configure a protected site system to support Internet-based client management.

 

____

MDT – Cannot Connect to SQL


You must enable Named Pipes after installing MDT and creating a database.

Launch SQL Server Configuration Manager – SQL Server Network Configuration – Protocols – Named Pipes – Select Enabled.

Otherwise, you will get SQL Connection Errors.

Group Policy Preferences to Deploy SCCM Client with SUP


This scenario is for companies that are using SCCM for Software Updates.

Create Group Policy Preferences that detect whether the SCCM Client is installed by checking whether a local WSUS server has been specified via the SCCM Client.  If one is specified, the policy does nothing, since the SCCM Client is already installed.  If none is specified, the policy adds a WSUS/SUP that will install the client.

Create new Registry Item for WUServer

  • Action: Create
  • Hive: HKEY_LOCAL_MACHINE
  • Key Path: Software\Policies\Microsoft\Windows\WindowsUpdate
  • Value name: WUServer
  • Value type: REG_SZ
  • Value data: http://wsus

Set Item-level targeting for Registry Match

  • Match type: Value exists
  • Hive: HKEY_LOCAL_MACHINE
  • Key path: SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
  • Value name: WUServer
  • Value type: REG_SZ
  • Item Options: Is Not

 

Create new Registry Item for WUStatusServer

  • Action: Create
  • Hive: HKEY_LOCAL_MACHINE
  • Key Path: Software\Policies\Microsoft\Windows\WindowsUpdate
  • Value name: WUStatusServer
  • Value type: REG_SZ
  • Value data: http://wsus

Set Item-level targeting for Registry Match

  • Match type: Value exists
  • Hive: HKEY_LOCAL_MACHINE
  • Key path: SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
  • Value name: WUStatusServer
  • Value type: REG_SZ
  • Item Options: Is Not

 

Create new Registry Item for UseWUServer

  • Action: Create
  • Hive: HKEY_LOCAL_MACHINE
  • Key Path: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
  • Value name: UseWUServer
  • Value type: REG_DWORD
  • Value data: 1  *Decimal

Set Item-level targeting for Registry Match

  • Match type: Match value data
  • Hive: HKEY_LOCAL_MACHINE
  • Key path: SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
  • Value name: UseWUServer
  • Value type: REG_DWORD
  • Value data: 1  *Decimal
  • Item Options: Is Not