In the first part of this blog series on how to deploy Windows 10 with SCCM, we will prepare our environment for Windows 10. If you’re already deploying other operating systems with SCCM 1511, adding Windows 10 is just a matter of adding a new WIM (which our post covers in part 4). If you’re new to deploying operating system with SCCM, follow this post which will covers all steps needed before you can deploy your first systems.

Overview SCCM Windows 10 Deployment

1. Upgrade to SCCM 1511
2. Enable PXE Support
3. Prepare your boot image
4. Prepare your Operating Systems
5. Create your SUG
6. USMT Packages

Upgrade to SCCM 1511

It’s possible to manage Windows 10 with SCCM 2012 but when it comes to deploying Windows 10, if you want to use the full features, you need SCCM 1511 and further. Follow our guide to upgrade your SCCM server and make sure that you are upgrading your Windows ADK version which is included in the upgrade process.

Enable PXE Support

Follow these steps if you want to deploy your images using PXE boot (recommended)

• Open the SCCM Console
• Go to Administration / Site Configuration / Servers and Site System Roles
• Select your distribution point and right-click on the Distribution point role on the bottom, select Properties

• Select the PXE tab
• Enable the Enable PXE support for Clients check-box and answer Yes when prompted about firewall ports (UDP ports 67, 68, 69 and 4011 )

• Check the Allow this distribution point to respond to incoming PXE requests check box
• Check the Enable unknown computer support check box
• Ensure that the Respond to PXE request on all network interfaces is selected
• Click Ok

Your distribution point will now install Windows Deployment Services (if not already installed) and will copy the necessary files on the distribution point.

You can monitor this process in the SCCM Console :

• Go to Monitoring / Distribution Status / Distribution Point Configuration Status
• Click your distribution point on the top and select the Details tab on the bottom
• You will see that the distribution point PXE settings has changed

Prepare your boot image

Drivers

Before launching your first boot image you must include your Windows 10 drivers into the boot image. Our rule of thumb about drivers is to try to boot a certain model and if it fails, add the drivers. Do not add all your NIC drivers to your boot image, it’s overkill and unnecessary increase the size of the boot image.

To add drivers to the boot image :

• Open the SCCM Console
• Go to Software Library / Operating Systems / Boot Images
• Right-click your Boot Image, select Properties
• Select the Drivers tab

• Click the Star icon
• Select the desired drivers and click OK

• The selected drivers are added to the boot image, once you click OK, SCCM will inject the driver in your boot image

Customization

We will now make a couple customization to the boot image to enable command support (F8) and add a custom background image to the deployment

• Open the SCCM Console
• Go to Software Library / Operating Systems / Boot Images
• Right-click your Boot Image
• Select the Customization tab
• Check the Enable command support checkbox. This allows to have the F8 command line support during deployment
• Specify a custom background if needed by checking Specify the custom background image file checkbox

• If you’re using a PXE-enable distribution point, select the Data Source tab and check the Deploy this boot image from the PXE-Enabled distributon point checkbox

• Click Apply and Yes to the warning, close the window

Distribute your boot image

Since you’ve upgraded your ADK to version 10 and made modifications to your boot image, you need to redistribute it to your distribution points.

• Right click your boot image and select Update Distribution Points

Prepare your Operating Systems

We will now import the Windows 10 WIM file for Windows 10 deployment.

We will start by importing the default Install.Wim from the Windows 10 media for a “vanilla” Windows 10 deployment. You could also import a WIM file that you’ve created through a build and capture process.

• Open the SCCM Console
• Go to Software Library / Operating Systems / Operating System Images
• Right click Operating System Images and select Add Operating System Image

• On the Data Source tab, browse to your WIM file. The path must be in UNC format

• In the General tab, enter the Name, Version and Comment, click Next

• On the Summary tab, review your information and click Next

• Complete the wizard and close this window

Distribute your Operating System Image

We now need to send the Operating System Image (WIM file) to our distribution points.

• Right click your Operating System Image, select Distribute Content and complete the Distribute Content wizard

We will now import the complete Windows 10 media in Operating System Upgrade Packages. This package will be used to upgrade a Windows 7 (or 8.1) device to Windows 10 using an Upgrade Task Sequence.

• Open the SCCM Console
• Go to Software Library / Operating Systems / Operating System Upgrade Packages
• Right click Operating System Upgrade Packages and select Add Operating System Upgrade Packages

• In the Data Source tab, browse to the path of your full Windows 10 media. The path must point on an extracted source of a ISO file. You need to point at the top folder where Setup.exe reside

• In the General tab, enter the Name, Version and Comment, click Next

• On the Summary tab, review your information and click Next

• Complete the wizard and close this window

Distribute your Operating System Upgrade Packages

We now need to send the Operating System Upgrade Package to your distribution points.

• Right click your Operating System Upgrade Package, select Distribute Content and complete the Distribute Content wizard

Create Software Update Group

One important thing in any OSD project, is to make sure that every machines deployments are up to date. Before deploying Windows 10, make sure that your Software Update Point is configured to include Windows 10 patches.

Once Windows 10 is added to your Software Update Point, we will create a Software Update Group that will be deployed to our Windows 10 deployment collection. This way, all patches released after the Windows 10 media creation (or your Capture date) will be deployed during the deployment process.

To create a Windows 10 Software Update Group :

• Open the SCCM Console
• Go to Software Library / Software Updates / All Software Updates
• On the right side, click Add Criteria, select Product, Expired and Superseded
  • Product : Windows 10
  • Expired  : No
  • Superseded : No

• Select all patches and select Create Software Update Group

• Once created, go to Software Library / Software Updates / Software Update Groups
• Right-click your Windows 10 SUG and deploy it to your OSD deployment collection

USMT Package

If you are planning to use USMT to capture and restore user settings and files, you need to make sure that the USMT package is created and distributed.

• Open the SCCM Console
• Go to Software Library / Application Management / Packages
• Right-click the User State Migration Tool for Windows 10 package and select Properties
• On the Data Source tab, ensure that the package is using the ADK 10 – Which is per default C:\Program Files\Windows Kits\10\Assessment and Deployment Kit\User State Migration Tool
• Right-click the User State Migration Tool for Windows 10 package and select Distribute Content

That’s it ! You have everything that’s needed to create your first Windows 10 deployment. Read the next parts of this blog series to successfully deploy Windows 10.

Benoit Lecours

Founder of System Center Dudes. Based in Montreal, Canada, Senior Microsoft SCCM Consultant, 5 times Enterprise Mobility MVP. Working in the industry since 1999. His specialization is designing, deploying and configuring SCCM, mass deployment of Windows operating systems, Office 365 and Intunes deployments.

The post SCCM Windows 10 Deployment | Prepare your Environment appeared first on System Center Dudes.

The first upgrade for SCCM Current Branch (1511) is now available. This post is a complete step-by-step SCCM 1602 upgrade guide. If you’re looking for a complete SCCM 1511 installation guide, see our blog series which covers it all.

Installing SCCM upgrades is very important to your infrastructure. It adds new feature and fixes lots of issues, which some of them are important.

New Update and Servicing

Since SCCM 1511, Microsoft now release update pack differently than services packs and cumulative updates. Downloading and updating is made directly from the console. If you need to make a new SCCM installation, you can’t install SCCM 1602 directly. You need to install SCCM 1511 first and then apply SCCM 1602 from the console. SCCM 1511 is still the baseline version if you’re starting from scratch.

The update process seem quite easy but don’t get confused. Yes, it’s easy to apply, but these updates needs to be planned as much as you planned cumulative updates and service pack in the past. (During the installation process all SCCM services including SMS_Executive service are stopped)

As stated on the Configuration Manager Team blog,  the new servicing methods is designed to support the much faster pace of updates for Windows 10 and Microsoft Intune. (You can expect 3 or 4 of these updates per year). They also mentioned that they plan to support each version/update for 12 months before they require that customers upgrade to the latest one to continue support. This basically means that you can skip SCCM 1602 if you want and apply SCCM 1606 (fictional name) at release. The important thing to remember is to update before the 12 month end-of-support period.

New features and fixes

This update contains new features and applies the latest KB/fixes to fix known bugs.

• Client Online Status
  • You can now view the online status of devices in Assets and Compliance. New icons indicate the status of a device as online or offline
• Support for SQL Server AlwaysOn Availability Groups
  • Configuration Manager now supports using SQL Server AlwaysOn Availability Groups to host the site database
• Windows 10 Device Health Attestation Reporting
  • You can now view the status of Windows 10 Device Health Attestation in the Configuration Manager console to ensure that the client computers have a trustworthy BIOS, TPM, and boot software
• Office 365 Update Management
  • You can now natively manage Office 365 desktop client updates using the Configuration Manager Software Update Management (SUM) workflow. You can manage Office 365 desktop client updates just like you manage any other Microsoft Update
• New Antimalware Policy Settings
  • New antimalware settings that can now be configured include protection against potentially unwanted applications, user control of automatic sample submission, and scanning of network drives during a full scan

Our favorite feature is Client Online Status which will greatly help operational tasks. A computer is considered online if it is connected to its assigned management point. To indicate that the computer is online, the client sends ping-like messages to the management point. If the management point doesn’t receive a message after 5 minutes, the client is considered offline.

Before you begin SCCM 1602 Upgrade Guide

Downloading and installing this update is done entirely from the console. There’s no download link, the update will appear in your console.

If you’re running a multi-tier hierarchy, start at the top-level site in the hierarchy. After the top-level site upgrades, you can begin the upgrade of each child site. Complete the upgrade of each site before you begin to upgrade the next site. Until all sites in your hierarchy are upgraded, your hierarchy operates in a mixed version mode.

Before applying this update, We strongly recommend that you go through the upgrade check list provided on Technet.

In this post, we’ll be updating a standalone Primary Site Server, console and clients.

Before installing, check if your site is ready for the update :

• Open the SCCM console
• Go to Administration \ Cloud Services \ Updates and Servicing
• In the State column, ensure that the update is Available

If you’re not seeing the update, Microsoft has provided a PowerShell script to force the download. If you’re not in a hurry, just wait and it should appear in the next following days.

Refer to Dmpdownloader.log to see download progress :

The update files gets saved in the EasySetupPayload folder in the Configuration Manger setup folder

SCCM 1602 upgrade guide

Step 1 | SCCM 1602 Prerequisite check

Before launching the update, we recommend to launch the prerequisite check :

• Open the SCCM console
• Go to Administration \ Cloud Services \ Updates and Servicing
• Right-click the Configuration Manager 1602 update and select Run prerequisite check

• Nothing will happen, the prerequisite check runs in the background. All menu options will be grayed out during the check
• The one way to see progress is by viewing C:\ConfigMgrPrereq.log

• You can also monitor prerequisite check by going to Monitoring / Site Servicing Status, right-click your Update Name and select Show Status

• When completed the State column will show Prerequisite check passed

Step 2 | Launching the SCCM 1602 update

We are now ready to launch the SCCM 1602 update

• Right click the Configuration Manager 1602 update and select Install Update Pack

• On the General tab, click Next

• On the Features tab, select the features you want to update

• If you don’t select one of the feature now and want to enable it later, you’ll be able to so by using the console in Administration \ Cloud Services \ Updates and Servicing \ Features

• In the Client Update Options, select the desired option for your client update
  • This new feature allows to update only clients member of a specific collection. Refer to the Technet article for more details

• On the License Terms tab, accept the licence terms and click Next

• On the Summary tab, review your choices and click Next

• On the Completion tab, close the wizard. The whole process took a minute but the installation is not over, it has been initiated. For now on, no more GUI, you need to use log files to monitor the installation

• During installation, the State column changes to Installing

• You can  monitor installation by going to Monitoring / Site Servicing Status, right-click your Update Name and select Show Status…

• … or you can follow detailed installation progress in SCCM Installation Directory\Logs\CMUpdate.log

• Services are stopped

• When completed, you’ll notice the message There are no pending update package to be processed

• Refresh the Updates and Servicing node, the State column will be Installed

Updating the consoles

The console now has an auto-update feature. At console opening, if you are not running the latest version, you will receive a warning and the update will start automatically.

• Since all updates operations were initiated from the console, we didn’t close it during the process. We received a warning message when clicking certain objects. You will have the same message when opening a new console

• Click OK,  console update will starts automatically

• Wait for the process to complete. You can follow the progress in C:\ConfigMgrAdminUISetup.log and C:\ConfigMgrAdminUISetupVerbose.log. Once completed, the console will open and you’ll be running the latest version.

Verification

Consoles

After setup is completed, verify the build number of the console. If the console upgrade was successful, the build number will be 5.0.8355.1000. You can also notice that Version 1602 is stated.

Servers

• Go to Administration \ Site Configuration \ Sites
• Right-click your site and select Properties
• Verify the Version and Build number

Clients

The client version will be updated to 5.0.8355.1000 (after updating, see section below)

SCCM 1602 client Package distribution

You’ll see that 2 client update packages are created :

• Navigate to Software Library \ Application Management \ Packages

• Select both package and initiate a Distribute Content to your distribution points

Boot Images

Boot images are automatically updated during setup. See our post on upgrade consideration in large environment to avoid this if you have multiple distribution points.

• Go to Software Library / Operating Systems / Boot Images
• Select your boot image and check the last Content Status date. It should match your setup date

Updating the Clients

Our preferred way to update our clients is by using the Client Upgrade feature.

• Open the SCCM Console
• Go to Administration / Site Configuration / Sites
• Click the Hierarchy Settings in the top ribbon
• Select Client Upgrade tab
• The Upgrade client automatically when the new client update are available checkbox has been enabled
• Review your time frame and adjust it to your needs

Monitor SCCM client version number

SCCM Reports Client Version

You can se our SCCM Client version reports to give detailed information about every clients versions in your environment. It’s the easiest way to track your client updates.

Collections

You can also create a collection that targets clients without the latest client version. I use it to monitor which client haven’t been updated yet.

Here’s the query to achieve this: (You can also refer to our Set of Operational Collection Powershell Script which contains this collection)

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.ClientVersion != '5.00.8355.1000'

Happy updating !

Benoit Lecours

Founder of System Center Dudes. Based in Montreal, Canada, Senior Microsoft SCCM Consultant, 5 times Enterprise Mobility MVP. Working in the industry since 1999. His specialization is designing, deploying and configuring SCCM, mass deployment of Windows operating systems, Office 365 and Intunes deployments.

The post Step-by-Step SCCM 1602 Upgrade Guide appeared first on System Center Dudes.

In the fourth post of this blog series about Windows 10 Deployment using SCCM, we will show you how to upgrade a Windows 7 to Windows computer 10 using SCCM task sequence upgrade.

The goal of an upgrade task sequence is to upgrade an existing operating system to Windows 10 without loosing any data and installed software. This post assumes that you are running SCCM 1511 or SCCM 1602 and that you completed the preparation of your environment for Windows 10.

If you are running SCCM 2012 R2 SP1, the product team has release important information about SCCM task sequence upgrade that you can find in this blog post.

In the past, an in-place upgrade scenario was not a reliable and popular option to deploy the latest version of Windows. With Windows 10, it’s now reliable and features an automatic rollback in case something goes wrong. This scenario can also be considered faster than the wipe and reload deployment scenarios, since applications and drivers don’t need to be reinstalled.

When to use Windows 7 In-Place Upgrade Scenario ?

Consider using SCCM upgrade task sequence if :

• You need to keep all existing applications and settings on a device
• You need to migrate Windows 10 to a later Windows 10 release (ex: 1511 to 1607)
• You don’t need to change the system architecture (32 bits to 64 bits)
• You don’t need to change the operating system base language
• You don’t need to downgrade a SKU (Enterprise to Pro). The only supported path is Pro to Enterprise or Enterprise to Enterprise)
• You don’t need to change the BIOS architecture from legacy to UEFI
• You don’t have multi-boot configuration

Windows 10 is now managed as a service, this upgrade process can also be used to migrate Windows 10 to a later Windows 10 release or you can use the new Windows 10 servicing feature in SCCM 1602 and later.

Possible Upgrade Path when using SCCM Windows 7 Task Sequence Upgrade

• Windows 7, Windows 8 and Windows 8.1 can use this method to upgrade to Windows 10
• You can’t upgrade a Windows XP or Windows Vista computer to Windows 10
• Windows 10 is the only final destination OS (You can’t upgrade a Windows 7 to Windows 8.1 using this method)

Requirements

• As stated in the start of this blog post, you need at least SCCM 2012 R2 SP1 (or SCCM 2012 SP2) to support the upgrade task sequence
• You cannot use a custom image for this scenario, you must start from the original WIM from the Windows 10 media

Three major vendors have supported workarounds documented on their support sites :

Understanding the In-Place Upgrade Process

If you want to understand all the phases in the upgrade process, we strongly recommend watching the Upgrading to Windows 10: In Depth video from the last Microsoft Ignite event.

Create SCCM Task Sequence Upgrade Windows 7 to Windows 10

Enough writing, let’s create a SCCM task sequence upgrade for a Windows 7 deployment.

• Open the SCCM Console
• Go to Software Library \ Operating Systems \ Task Sequences
• Right-click Task Sequences and select Upgrade an operating system from upgrade package

• In the Task Sequence Information tab, enter a Task Sequence Name and Description

• On the Upgrade the Windows Operating System tab, select your upgrade package by using the Browse button. If you don’t have imported an upgrade package yet, use the step provided in our preparation blog post

• On the Include Updates tab, select the desired Software Update task
  • All Software Updates will install the updates regardless of whether there is a deadline set on the deployment (on your OSD collection)
  • Mandatory Software Updates will only install updates from deployments that have a scheduled deadline (on your OSD collection)
  • Do not install any software updates will not install any software update during the Task Sequence

• On the Install Applications tab, select any application you want to add to your upgrade process

• On the Summary tab, review your choices and click Next

• On the Competition tab, click Close

Edit the SCCM Task Sequence Upgrade

Now that we have created the task sequence, let’s see what it looks like under the hood:

• Open the SCCM Console
• Go to Software Library \ Operating Systems \ Task Sequences
• Right-click your upgrade task sequences and select Edit

As you can see, it’s fairly simple. SCCM will take care of everything in a couple of steps :

• The Upgrade Operating System step contains the important step of applying Windows 10

Deploy the SCCM Windows 7 Upgrade Task Sequence

We are now ready to deploy our task sequence to the computer we want to upgrade. In our case, we are targeting a Windows 7 computer.

• Go to Software Library \ Operating Systems \ Task Sequences
• Right-click Task Sequences and select Deploy

• On the General pane, select your collection. This is the collection that will receive the Windows 10 upgrade. For testing purposes, we recommend putting only 1 computer to start

• On the Deployment Settings tab, select the Purpose of the deployment
  • Available will prompt the user to install at the desired time
  • Required will force the deployment at the deadline (see Scheduling)
• You cannot change the Make available to the following drop-down since upgrade packages are available to client only

• On the Scheduling tab, enter the desired available date and time. On the screenshot, we can’t create an Assignment schedule because we select Available in the previous screen

• In the User Experience pane, select the desired options

• In the Alerts tab, check Create a deployment alert when the threshold is higher than the following check-box if you want to create an alert on the failures

• On the Distribution Point pane, select the desired Deployment options. We will leave the default options

• Review the selected options and complete the wizard

Launch the Upgrade Process

Now that our upgrade task sequence is deployed to our clients, we will log on our Windows 7 computer and launch a Machine Policy Retrieval & Evaluation Cycle from Control Panel / Configration Manager Icon

• Open the new Software Center from the Windows 7 Start Menu
• You’ll see the SCCM upgrade task sequence as available. We could have selected the Required option in our deployment schedule, to launch automatically without user interaction at a specific time

• When ready, click on Install

• The following warning appears

• Click on Install Operating System
• The update is starting, the task sequence Installation Progress screen shows the different steps

• The WIM is downloading on the computer and saved in C:\_SMSTaskSequence

• You can follow task sequence progress in C:\Windows\CCM\Logs\SMSTSLog\SMSTS.log

• After downloading, the system will reboot

• The computer restart and is loading the files in preparation of the Windows 10 upgrade

• WinPE is loading

• The upgrade process starts. This step should take about 15 to 30 minutes depending of the device hardware

• Windows 10 is getting ready, 2-3 more minutes and the upgrade will be completed

• Once completed the SetupComplete.cmd script runs. This step is important to set the task sequence service to the correct state

• Windows is now ready, all software and settings are preserved

Benoit Lecours

Founder of System Center Dudes. Based in Montreal, Canada, Senior Microsoft SCCM Consultant, 5 times Enterprise Mobility MVP. Working in the industry since 1999. His specialization is designing, deploying and configuring SCCM, mass deployment of Windows operating systems, Office 365 and Intunes deployments.

The post Windows 10 Deployment | SCCM Task Sequence Upgrade Windows 7 to Windows 10 appeared first on System Center Dudes.

In this post we will describe how to customize your windows 10 image to personalize it to your company. There’s an infinite amount of customization that can be made but i’ll try to cover the more frequent one, those that are asked 95% of every Windows 10 projects I was involved in. You could also do all those modifications through group policies if you want to enforce those settings.

SCCM Windows 10 Customization Package

Before we begin any customization, we will create a Windows 10 Customization package that we will use in our task sequence. It will be empty to start but we will create the folders and scripts during this blog post.

• Open the SCCM Console
• Go to Software Library / Application Management / Packages
• Create a new package
• On the Package tab, enter a Name, Description, Manufacturer and Source folder (this is where all scripts will be stored)

• On the Program Type tab, select Do not create a program

• On the Summary tab, review your choices and complete the wizard

File Association

The first item we will be covering is file association. By default, Windows 10 uses Microsoft Edge to open every PDF files and HTTP links. For this post, we will redirect PDF files to Adobe Reader and HTTP/HTTPS to Internet Explorer. You can redirect any extension to any software. You just need to make sure that the application that you associate is installed during your Windows 10 deployment (or in your image).

The first step is to make the association manually, we will then export the configuration to a XML file and we will use DISM in our task sequence to import the configuration.

• Log on a Windows 10 machine
• Open Control Panel / Programs / Default Programs / Set Associations

• Navigate to .PDF and click on Change Program

• Select Adobe Reader and click OK

• Your .PDF files are now associated to Adobe Reader
• For Internet Explorer association, select HTTP Protocol, .HTM and .HTML files, change program to Internet Explorer

Now that our associations has been done, we need to export the associations to a XML file using DISM :

• Open an elevated command prompt
• Run the following command : Dism /Online /Export-DefaultAppAssociations:C:\Temp\SCDAppAssoc.xml
  • (Change the XML file name and path if desired but make sure that the directory exists or you’ll get an error code 3)

The XML file can be opened using any text editor. You can see our modifications has been made. It’s possible to change manually in this file but it’s a bit tricky to find ProdId and ApplicationName.

• Copy the XML file to your Windows 10 customization package in the FileAssociations Folder

• Open the SCCM Console and browse to Packages
• Right-click your Windows 10 Customization package and select Update Distribution Point

• Go to Software Library \ Operating Systems \ Task Sequences
• Right-click and Edit your Windows 10 task sequence
• Select Add / General / Run Command Line
  • Name : Set File Association
  • Command line : Dism.exe /online /Import-DefaultAppAssociations:FileAssociations\SCDAppAssoc.xml
  • Check the Package box and specify your Windows 10 customization package
• Position this step after the Windows image has been deployed

Setting the Default Windows 10 Wallpaper

We will now change the default Windows 10 wallpaper to a corporate one.

• The default Windows 10 wallpapers are stored in the C:\Windows\Web\Wallpaper\Windows\ folder
• Windows 10 also support 4K wallpapers which are stored in C:\Windows\Web\4K\Wallpaper\Windows

For our post, we will delete the 4K wallpapers and overwrite the default img0.jpg file. If you need to support 4K wallpaper, just place them in the 4K folder before updating your distribution points and the script will copy it to the right location.

By default, you can’t modify those files, we will use a PowerShell script to change the security of the folder and overwrite the wallpaper file. We will grant access to the SYSTEM account since it’s the account used during the SCCM task sequence.

• Create a new WallPaper\DefaultRes and WallPaper\4K folder in your Windows 10 customization directory
• Rename your wallpaper to img0.jpg copy it in the WallPaper\DefaultRes directory
• If 4K support is needed, copy your files in the WallPaper\4K Directory

Create a new Powershell script in the root of the Wallpaper directory and copy this code into it :

You’ll end up with the following structure :

• Open the SCCM Console and browse to Packages
• Right-click your Windows 10 Customization package and select Update Distribution Point

• Go to Software Library \ Operating Systems \ Task Sequences
• Right-click and Edit your Windows 10 task sequence
• Select Add / General / Run PowerShell Script
  • Name : Set Wallpaper
  • Script Name : Wallpaper\ChangeWallpaper.ps1
  • PowerShell execution policy : Bypass
• Position this step after the Windows image has been deployed

Change Lock Screen Image

The lock screen image is the image you see when the computer is locked. To change it, we must copy our image locally on the computer and then modify a registry key to read it.

• Create a new LockScreen folder in your Windows 10 customization directory
• Create a new LockScreen.cmd file and copy the following code

• Create a new LockScreen.reg file and copy the following code (watch out of the “” when copy/pasting)

• Copy the image you want to set as the lock screen. For this blog post we will call it LockScreen.jpg. If you rename this file, make sure to change the script to fit this name.

You’ll end up with the following structure :

• Open the SCCM Console and browse to Packages
• Right-click your Windows 10 Customization package and select Update Distribution Point

• Go to Software Library \ Operating Systems \ Task Sequences
• Right-click and Edit your Windows 10 task sequence
• Select Add / General / Run Command Line
  • Name : Set File Association
  • Command line : cmd.exe /c LockScreen\LockScreen.cmd
  • Check the Package box and specify your Windows 10 customization package
• Position this step after the Windows image has been deployed

Disable Microsoft Consumer Experiences

The latest Windows 10 feature upgrade includes a new feature that automatically installs a few apps from the Windows Store. Some apps like Candy Crush and Minecraft gets installed, we don’t think that belong to a work environment so we’ll delete it.

The good news is that it’s quite simple to disable. You need to disable a function called Microsoft Consumer Experiences. We will do this using a registry modification :

• Create a new ConsumerExperience folder in your Windows 10 customization directory
• Create a new DisableConsumerExperience.reg file and copy the following code :

You’ll end up with the following structure :

• Open the SCCM Console and browse to Packages
• Right-click your Windows 10 Customization package and select Update Distribution Point

• Go to Software Library \ Operating Systems \ Task Sequences
• Right-click and Edit your Windows 10 task sequence
• Select Add / General / Run Command Line
  • Name : Disable Consumer Experience
  • Command line : Regedit.exe /s ConsumerExperience\DisableConsumerExperience.reg
  • Check the Package box and specify your Windows 10 customization package
• Position this step after the Windows image has been deployed

Create Custom Start Menu

We will now create a default Windows 10 start menu that will be used on every Windows 10 machine by default. If you add shortcuts to applications, make sure that you’ve include them in your task sequence or you’ll end up with a start menu looking like swiss cheese. (empty spots)

• Log on a Windows 10 machine
• Manually configure the Start Menu
• Create a new StartMenu folder in your Windows 10 customization package
• Start an elevated PowerShell and run the following command : Export-StartLayout -Path “C:\Temp\StartMenu.bin”
• Copy the StartMenu.bin file to your Windows 10 customization package in the StartMenu folder

• Open the SCCM Console and browse to Packages
• Right-click your Windows 10 Customization package and select Update Distribution Point

• Go to Software Library \ Operating Systems \ Task Sequences
• Right-click and Edit your Windows 10 task sequence
• Select Add / General / Run Command Line
  • Name : Set Start Menu Layout
  • Command line : Powershell.exe Import-StartLayout -LayoutPath StartMenu\StartMenu.bin -MountPath C:\
  • Check the Package box and specify your Windows 10 customization package
• Position this step after the Windows image has been deployed

Set Windows 10 Pinned Taskbar items

Windows 10 permits to “pin” program on the task bar for easy access. Here’s how to create a standard task-bar for your Windows 10 users.

• Create a new PinTaskBar folder in your Windows 10 customization directory
• Log on a Windows 10 computer
• Manually pin all the desired program using the Pin to taskbar option

• Copy the links from %AppData%\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar to your Windows 10 customization package in the PinTaskBar directory. This directory is hidden, so be sure to show Hidden Items

• Open Registry Editor
• Export the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband key to Win10Taskbar.reg

• Copy the Win10Taskbar.reg file to your Windows 10 customization package in the PinTaskBar directory
• Edit the Win10Taskbar.reg file using a text editor and replace the beginning of the first line
  • Replace HKEY_Current_User to HKEY_LOCAL_MACHINE\defuser

• The final string will be : HKEY_LOCAL_MACHINE\defuser\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
• Create a new Win10Taskbar.cmd file in your Windows 10 customization package in the PinTaskBar directory and copy the following code :

You’ll end up with the following structure :

• Open the SCCM Console and browse to Packages
• Right-click your Windows 10 Customization package and select Update Distribution Point

• Go to Software Library \ Operating Systems \ Task Sequences
• Right-click and Edit your Windows 10 task sequence
• Select Add / General / Run Command Line
  • Name : Set Taskbar Pins
  • Command line : cmd.exe /c PinTaskBar\Win10Taskbar.cmd
  • Check the Package box and specify your Windows 10 customization package
• Position this step after the Windows image has been deployed

Conclusion

If you correctly follow this post, you’ll end up with this structure in your Windows 10 Customization package :

And you’ll have 6 new steps in your Windows 10 task sequence :

You can now deploy your Windows 10 task sequence to a test machine and all customization should be there. See our post on how to monitor your task sequence if something goes wrong or simply if you want to track the progress.

We hope this post will help you out for your Windows 10 customization. Feel free to post your customization using the comment section. We will update this post on a regular basis when we have more to share.

Benoit Lecours

Founder of System Center Dudes. Based in Montreal, Canada, Senior Microsoft SCCM Consultant, 5 times Enterprise Mobility MVP. Working in the industry since 1999. His specialization is designing, deploying and configuring SCCM, mass deployment of Windows operating systems, Office 365 and Intunes deployments.

The post SCCM Windows 10 Customization using Task Sequences appeared first on System Center Dudes.

Since SCCM 1511, you can use the new upgrade task sequence to easily upgrade a Windows 7 computer to Windows 10. But what if you want to upgrade a computer from a 32-bits operating system to Windows 10 64-bits ? You can’t use the upgrade task sequence for this specific scenario. Another reason would be that your company decided to use the wipe and reload option in your Windows 10 migration project. In those cases you will need to use USMT to capture data and settings from the users profiles before applying the new operating system.

This post will describe how to upgrade a 32-bits computer to Windows 10 64-bits using USMT and SCCM. This post will be using hard-links without using a State Migration Point. Continue reading if you are not familiar with those terms, we will explain it later.

Since you’re at the step of deploying Windows 10, we assume that you already installed at least SCCM 1511 and the latest Windows ADK before reading this post. If not, read our related posts :

1. SCCM 1511 Upgrade Guide
2. Windows 10 Deployment | Prepare your environment

USMT Basics

Let’s start by giving a couple of facts about the User State Migration Tool :

• Latest USMT version is 5.0
• Latest Windows ADK 10 includes the latest version
• Supports capturing data and settings from Windows Vista and later (including Windows 10)
• Supports restoring the data and settings to Windows 7 and later (including Windows 10)
• Supports migrating from a 32-bit operating system to a 64-bit operating system, but not the other way around

What gets Migrated

By default, USMT migrates many settings (user profile, Control Panel configurations, files, and more). The default configuration files that are used in Windows 10 deployments are MigUser.xml and MigApp.xml. These two configurations files migrates the following data and settings:

• Folders from each profile (My Documents, My Video, My Music, My Pictures, desktop files, Start menu, Quick Launch settings, and Favorites folders)
• USMT templates migrate the following file types: .accdb, .ch3, .csv, .dif, .doc*, .dot*, .dqy, .iqy, .mcw, .mdb*, .mpp, .one*, .oqy, .or6, .pot*, .ppa, .pps*, .ppt*, .pre, .pst, .pub, .qdf, .qel, .qph, .qsd, .rqy, .rtf, .scd, .sh3, .slk, .txt, .vl*, .vsd, .wk*, .wpd, .wps, .wq1, .wri, .xl*, .xla, .xlb, .xls*.
• Operating system component settings
• Application settings

If needed, you can create a custom configuration files to includes more files types or settings. See the following Technet post for detailed instructions.

For more details on what USMT migrates, see this Technet article. For more information on the USMT overall references, see this Technet article.

Where to Store the User Data and Settings

You can capture USMT data locally (Hard-links) or remotely using a State Migration Point in SCCM (File Copy).

• Hard-link migration takes advantage of advanced features of the NTFS file system that allow files to physically remain in-place and intact even after the drive is wiped (not formatted). When restored, pointers to the files are restored, so the files never physically have to be copied or moved outside the machine. To use hard-linking, select the Capture locally by using links instead of copying files option in the Capture User State task
• File copy: If hard-linking is not selected, the traditional file copy method for storing user state is used. This file copy method literally copies all identified user state data to an alternative location requiring extra disk space and extra time to complete the copy

• To store the user state data on a state migration point (File Copy), you must first Configure a state migration point to store the user state data
• To store the user state data on the destination computer for update deployments (Hard-Link), you must :
  • Add Capture User State steps to your task sequence and configure it to use local folder using links
  • Add Restore User State steps to your task sequence and configure it to restores the user state using those links

This post will focus on the hard-links option and will not describe how to customize the task sequence to use the state migration point.

Verify SCCM Windows 10 USMT Package

To store the user state locally or on a state migration point, you must create a package that contains the USMT source files that you want to use. This package is used in the Capture User State step of the migration task sequence.

• Open the SCCM Console
• Go to Software Library / Application Management / Packages
• Right-click the User State Migration Tool for Windows 10 package and select Properties
• On the Data Source tab, ensure that the package is using the ADK 10 – Which is per default C:\Program Files\Windows Kits\10\Assessment and Deployment Kit\User State Migration Tool
• Right-click the User State Migration Tool for Windows 10 package and select Distribute Content

• If you have no User State Migration Tool for Windows 10 package, just create (without any programs) and distribute it

Creating the Capture and Restore User State Data Task Sequence

To capture and restore the user state, you must first create a new task sequence, but before, we’ll explain the different options in the User State Menu :

• Request State Store : This step is needed only if you store the user state on the State Migration Point
• Capture User State : This step captures the user state data and stores it on the State Migration Point or locally using hard-links
• Restore User State : This step restores the user state data on the destination computer. It can retrieve the data from a user state migration point or from hard-links
• Release State Store : This step is needed only if you store the user state on the State Migration Point. This step release this data from the State Migration Point

When you create a new task sequence from the latest SCCM version, the wizard takes care of the essential steps. Let’s create it and see what are the options :

• Go to Software Library \ Operating Systems \ Task Sequences
• Right-click Task Sequence and select Create Task Sequence
• Select Install an existing image package

• On the Task Sequence Information tab, enter your Task sequence name, Description and Boot Image

• On the Install Windows tab, uncheck Partition and format the target computer and Configure task sequence for use with Bitlocker
  • If a format and partition of the disk is selected, it would wipe all data on the drive, including the USMT data. Instead, the Apply Operating System task will delete of all files and directories occurs on the drive minus protected USMT folders

• On the Configure Network tab, select to join your domain and specify the account to use

• On the Install Configuration Manager Client tab, select your client package

• On the State Migration tab, check Capture user settings and files, select your USMT Package
• Select Save user settings and files locally and check Capture locally by using links instead of by copying files

• If needed check the Capture Network Settings and Capture Windows Settings. See the attached links for more information about these options

• In the Include Update tab, select the desired update behavior

• On the Install Applications tab, select any applications that you want to include in your task sequence

• On the Summary tab, review your choices, click Next and complete the wizard

• Now that the task sequence is created, we’ll edit it and review the steps
• Right-click your newly created task sequence and click Edit
• You’ll notice 3 USMT steps has been created :
  • Set Local State Location : This step specify the directory where the local state will be saved. We are using the builtin variable OSDStateStorePath and set the value to %_SMSTSUserStatePath% but you can use a specific location if needed

• Capture User Files and Settings : This is the step when USMT will run the ScanState command. You will see this command in SMSTS.log when monitoring your task sequence. (By default : C:\_SMSTaskSequence\Packages\<YourPackageID>\amd64\scanstate.exe C:\_SMSTaskSequence\UserState /o /localonly /efs:copyraw /c /hardlink /nocompress /l:C:\Windows\CCM\Logs\SMSTSLog\scanstate.log /progress:C:\Windows\CCM\Logs\SMSTSLog\scanstateprogress.log /i:C:\_SMSTaskSequence\Packages\<ID>\amd64\migdocs.xml /i:C:\_SMSTaskSequence\Packages\<ID>\amd64\migapp.xml)

• Restore User Files and Settings : This is the step when USMT will run the LoadState command. You will see this command in SMSTS.log when monitoring your task sequence (By default : C:\_SMSTaskSequence\Packages\<YourPackageID>\amd64\loadstate.exe C:\_SMSTaskSequence\UserState /ue:<computername>\* /c /hardlink /nocompress /l:C:\WINDOWS\CCM\Logs\SMSTSLog\loadstate.log /progress:C:\WINDOWS\CCM\Logs\SMSTSLog\loadstateprogress.log /i:C:\_SMSTaskSequence\Packages\<ID>\amd64\migdocs.xml /i:C:\_SMSTaskSequence\Packages\<ID>\amd64\migapp.xml)

Add Support for WinPE

Now that we created a basic task sequence for USMT, we suggest to add a step to support offline capture. If you start your task sequence from PXE, you will need this new step because the step we just created will fail in Windows PE. We will add a step and condition to run depending of the environment in which the task sequence is ran.

• Right-click the task sequence you just created, select Edit
• Select the Capture User Files and Settings step
• Duplicate the task by doing CTRL-C, CTRL-V
• A new Capture User Files and Settings step is created, select the Capture in Off-line mode (Windows PE only) check box and rename the step to add (WinPE) at the end
• Rename the other Capture User Files and Settings step to (FullOS)
• You’ll end up with 2 similar Capture User Files and Settings step. One for Online mode (FullOS) and one for Offline mode (WinPE)

• Select the Capture User Files and Settings (Full OS) step and click on the Options tab
• Select Add Condition, Task Sequence Variable
  • Variable : _SMSTSInWinPE
  • Condition : Equals
  • Value : False

• Select the Capture User Files and Settings (WinPE) step and click on the Options tab
• Select Add Condition, Task Sequence Variable
  • Variable : _SMSTSInWinPE
  • Condition : Equals
  • Value : True

• Click Apply and Ok to close the task sequence

Deploy SCCM Windows 10 USMT Task Sequence

We are now ready to deploy our Windows 10 USMT task sequence to the Windows 7 computer we want to upgrade.

• Go to Software Library \ Operating Systems \ Task Sequences
• Right-click your USMT Task Sequence and select Deploy
• On the General pane, select your collection. This is the collection that will receive the Windows 10 upgrade using USMT. For testing purposes, we recommend putting only 1 computer to start

• On the Deployment Settings tab, select the Purpose of the deployment
  • Available will prompt the user to install at the desired time
  • Required will force the deployment at the deadline (see Scheduling)
• You cannot change the Make available to the following drop-down since upgrade packages are available to client only

• On the Scheduling tab, enter the desired available date and time. On the screenshot, we can’t create an Assignment schedule because we select Available in the previous screen

• In the User Experience pane, select the desired options

• In the Alerts tab, check Create a deployment alert when the threshold is higher than the following check-box if you want to create an alert on the failures

• On the Distribution Point pane, select the desired Deployment options. We will leave the default options

• Review the selected options and complete the wizard

Testing on the Target Computer

For the sake of this post we created a VM with Windows 7 32 bits. We will run our newly created task sequence to upgrade to Windows 10 64 bits.

I also created multiple files in the user profile to shows the USMT actions. We simply created text documents in the various libraries and on the desktop.

• We open the Software Center, select our task sequence and click Install

• The computer will launch the USMT action before rebooting in Windows PE and install Windows 10

• Once the process completed, we have a brand new Windows 10 migrated with my files where I left them. Even the psycho tortoise wallpaper has made the move.

We hope this post will ease your Windows 10 migrations. Leave a comment if you have any questions.

Benoit Lecours

Founder of System Center Dudes. Based in Montreal, Canada, Senior Microsoft SCCM Consultant, 5 times Enterprise Mobility MVP. Working in the industry since 1999. His specialization is designing, deploying and configuring SCCM, mass deployment of Windows operating systems, Office 365 and Intunes deployments.

The post Refreshing a Windows 7 Computer to Windows 10 using USMT and SCCM appeared first on System Center Dudes.

The second upgrade for SCCM Current Branch (1511) is now available. This post is a complete step-by-step SCCM 1606 upgrade guide. If you’re looking for a complete SCCM 1511 installation guide, see our blog series which covers it all. You can’t install this upgrade if you are running SCCM 2012. You need to be at least at SCCM 1511.

Installing SCCM upgrades is very important to your infrastructure. It adds new feature and fixes lots of issues, which some of them are important.

New Update and Servicing model

If you’re not familiar with the new SCCM servicing model, read our New Update and Servicing section of the 1602 upgrade post which explain it all.

Similar to SCCM 1602, if you need to make a new SCCM installation, you can’t install SCCM 1606 directly. You need to install SCCM 1511 first and then apply SCCM 1606 from the console. SCCM 1511 is still the baseline version if you’re starting from scratch.

Update 2016/10/12

SCCM 1606 is now available as a new baseline media. You can use this new media to install a new site, or upgrade from System Center 2012 Configuration Manager with Service Pack 2 or System Center 2012 R2 Configuration Manager with Service Pack 1. See the Technet documentation for more information about the new media.

*If you are running SCCM 1511 or 1602, the latest updates will be replaced by SCCM 1606 in the SCCM Console after installation. If you are on SCCM 1511, you won’t be able to install 1602 after 1606, you can skip it and install SCCM 1606 directly which contains all 1602 features.

SCCM 1606 New features and fixes

If you’ve been installing SCCM Technical Preview in your lab, SCCM 1606 contain most features included in the latest Technical Previews (1603 and up).

Consult this Technet article for a full features list. 1606 also applies the latest KB/fixes to fix known bugs…. Including KB3155482 but not KB3174008 (which was release a week prior to 1606). If you had already installed KB3174008, 1606 will revert the fixes included in KB3174008. Microsoft recommendation is to skip this KB (unless you are really blocked by this), update to 1606 and wait for a new KB that will be available for 1606 soon. (Which will include KB3174008).

This is also the SCCM version that will bring support for the Windows 10 Anniversary update.

Here’s our list of favorite features :

• Option for clients to switch to a new software update point
  • You can enable the option for Configuration Manager clients to switch to a new software update point when there are issues with the active software update point.
• Per-app VPN for Windows 10 devices
  • For Windows 10 devices managed using Configuration Manager with Intune, you can add a list of apps that automatically open a VPN connection that you have configured through the Configuration Manager admin console. You have the option of restricting VPN traffic to those apps, or you can continue to allow all traffic through the VPN connection.
• Customize the RamDisk TFTP block size and window size on PXE-enabled distribution points
  • You can customize the RamDisk TFTP block size and window size for PXE-enabled distribution points. If you have customized your network, it could cause the boot image download to fail with a time-out error because the block or window size is too large. The RamDisk TFTP block size and window size customization allow you to optimize TFTP traffic when using PXE to meet your specific network requirements
• Improvements to the Install software updates task sequence
  • A new task sequence variable, SMSTSSoftwareUpdateScanTimeout, is available to give you the ability to control the timeout on the software updates scan during the Install software updates task sequence step. The default value is 30 minutes.
  • There have been improvements to logging. The smsts.log log file will contain new log entries that reference other log files that will help you to troubleshoot issues during the software updates installation process.

Before you begin

Downloading and installing this update is done entirely from the console. There’s no download link, the update will appear in your console once synchronized.

If you’re running a multi-tier hierarchy, start at the top-level site in the hierarchy. After the top-level site upgrades, you can begin the upgrade of each child site. Complete the upgrade of each site before you begin to upgrade the next site. Until all sites in your hierarchy are upgraded, your hierarchy operates in a mixed version mode.

Before applying this update, we strongly recommend that you go through the upgrade check list provided on Technet. Most importantly, initiate a site backup before your upgrade.

In this post, we’ll be updating a standalone Primary Site Server, console and clients.

Before installing, check if your site is ready for the update :

• Open the SCCM console
• Go to Administration \ Cloud Services \ Updates and Servicing
• In the State column, ensure that the update is Available

• If it’s not available, right-click Updates and Servicing and select Check for Updates

• The update state will change to Downloading

• You can follow the download in Dmpdownloader.log

• The update files are stored in the EasyPayload folder in your SCCM Installation directory

SCCM 1606 Upgrade guide

Step 1 | SCCM 1606 Prerequisite check

Before launching the update, we recommend to launch the prerequisite check :

• Open the SCCM console
• Go to Administration \ Cloud Services \ Updates and Servicing
• Right-click the Configuration Manager 1606 update and select Run prerequisite check

• Nothing will happen, the prerequisite check runs in the background. All menu options will be grayed out during the check

• One way to see progress is by viewing C:\ConfigMgrPrereq.log

• You can also monitor prerequisite check by going to Monitoring / Site Servicing Status, right-click your Update Name and select Show Status

• When completed the State column will show Prerequisite check passed

Step 2 | Launching the SCCM 1606 update

We are now ready to launch the SCCM 1606 update. At this point, plan about 45 minutes for the update installation.

• Right click the Configuration Manager 1606 update and select Install Update Pack

• On the General tab, click Next

• On the Features tab, select the features you want to update

• If you don’t select one of the feature now and want to enable it later, you’ll be able to so by using the console in Administration \ Cloud Services \ Updates and Servicing \ Features

• In the Client Update Options, select the desired option for your client update
  • This new feature allows to update only clients member of a specific collection. Refer to the Technet article for more details

• On the License Terms tab, accept the licence terms and click Next

• On the Summary tab, review your choices and click Next

• On the Completion tab, close the wizard. The whole process took a minute but the installation is not over, it has been initiated

• During installation, the State column changes to Installing
• You can  monitor installation by going to Monitoring / Site Servicing Status, right-click your Update Name and select Show Status

• … or you can follow detailed installation progress in SCCM Installation Directory\Logs\CMUpdate.log

• When completed, you’ll notice the message There are no pending update package to be processed in the log file
• Monitoring / Site Servicing Status, right-click your Update Name and select Show Status, the last step will be Installation Succeeded

• Refresh the Updates and Servicing node, the State column will be Installed

Updating the consoles

As in 1602, the console has an auto-update feature. At console opening, if you are not running the latest version, you will receive a warning and the update will start automatically.

• Since all updates operations were initiated from the console, we didn’t close it during the process. We received a warning message when clicking certain objects. You will have the same message when opening a new console
• Click OK,  console update will starts automatically

• Wait for the process to complete. You can follow the progress in C:\ConfigMgrAdminUISetup.log and C:\ConfigMgrAdminUISetupVerbose.log. Once completed, the console will open and you’ll be running the latest version

Verification

Consoles

After setup is completed, verify the build number of the console. If the console upgrade was successful, the build number will be 5.0.8412.1003. You can also notice that Version 1606 is stated.

Servers

• Go to Administration \ Site Configuration \ Sites
• Right-click your site and select Properties
• Verify the Version and Build number

Clients

The client version will be updated to 5.00.8412.1006 (after updating, see section below)

SCCM 1606 Client Package distribution

You’ll see that the 2 client packages are updated :

• Navigate to Software Library \ Application Management \ Packages

• Check if both package were updated, if not, select both package and initiate a Distribute Content to your distribution points

Boot Images

Boot images are automatically updated during setup. See our post on upgrade consideration in large environment to avoid this if you have multiple distribution points.

• Go to Software Library / Operating Systems / Boot Images
• Select your boot image and check the last Content Status date. It should match your setup date

Updating the Clients

Our preferred way to update our clients is by using the Client Upgrade feature :

• Open the SCCM Console
• Go to Administration / Site Configuration / Sites
• Click the Hierarchy Settings in the top ribbon
• Select Client Upgrade tab
• The Upgrade client automatically when the new client update are available checkbox has been enabled
• Review your time frame and adjust it to your needs

Monitor SCCM client version number

SCCM Reports Client Version

You can see our SCCM Client version reports to give detailed information about every clients versions in your environment. It’s the easiest way to track your client updates.

Collections

You can also create a collection that targets clients without the latest client version. I use it to monitor which client haven’t been updated yet.

Here’s the query to achieve this: (You can also refer to our Set of Operational Collection Powershell Script which contains this collection)

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.ClientVersion != '5.00.8412.1006'

Happy updating !

Benoit Lecours

Founder of System Center Dudes. Based in Montreal, Canada, Senior Microsoft SCCM Consultant, 5 times Enterprise Mobility MVP. Working in the industry since 1999. His specialization is designing, deploying and configuring SCCM, mass deployment of Windows operating systems, Office 365 and Intunes deployments.

The post Step-by-Step SCCM 1606 Upgrade Guide appeared first on System Center Dudes.

With the introduction of new Windows 10 service branches, you will need to upgrade your Windows 10 devices at a much faster pace. Hopefully, SCCM Current Branch (1511 and higher) has built-in features to help you fulfill this task. You can choose between Upgrade Task Sequence or the new Windows Servicing feature. This post will describe how to upgrade Windows 10 using SCCM Upgrade Task Sequence.

If you are running SCCM 1511 we recommend to use the Upgrade Task Sequence over the new servicing features. There is an issue in SCCM 1511 that make all Windows 10 languages and editions to be downloaded to the device when the ADR runs. This is fixed in SCCM 1602, using a new filter you can exclude unwanted languages and editions.

If you are running SCCM 1602 or later, it’s really a matter of preference of which process to use. Each one has their own advantages, the new servicing features is using the ADR/Software Update engine, the Task Sequence one is using Task Sequence engine. The Task Sequence method allows to run additional tasks after the upgrade or install new applications. Read both our post before making your decision or use both if needed.

In this post, we will be upgrading a Windows 10 1511 to Windows 10 1607 using SCCM 1606. You can use this method to upgrade any upcoming Windows 10 release. Refer to our other blog post if you’re looking to upgrade Windows 7 to Windows 10 using task sequences.

Requirement for Windows 10 SCCM Task Sequence Upgrade

In an upgrade task sequence, you will need to have the full Windows 10 1607 media imported in Operating System Upgrade Packages node in SCCM :

• Open the SCCM Console
• Go to Software Library \ Operating Systems \ Operating System Upgrade Packages
• Select Add Operating System Upgrade Packages

• Select the path where you extracted the Windows 10 ISO

• In the General tab, edit Name, Version and Comment fields, click Next

• In the Summary tab, review your choices and click Next

• Your operating system upgrade package is imported and ready to use in an upgrade task sequence

Distribute Operating System Upgrade Packages

• Select your newly imported operating system upgrade packages and select Distribute Content

Send it to all your distribution points where you will be doing Windows 10 upgrade

Create Windows 10 Upgrade Task Sequence

• Open the SCCM Console
• Go to Software Library \ Operating Systems \ Task Sequences
• Right-click Task Sequence and select Create Task Sequence

• Select Upgrade an operating system from an upgrade package, click Next

• In the Task Sequence Information tab, modify the Task sequence name and description if needed, click Next

• In the Upgrade the Window Operating System tab, click Browse and select your imported package, click Ok then Next

• In the Include Updates tab, we’ll select Do not install any software updates

• In the Install Applications tab, add any applications you want to install after the upgrade, click Next

• Review your choices, click Next and close the Create Task Sequence Wizard

• If you right click your newly created task sequence and select Edit, you’ll notice that the task sequence is really simple. You can add additional steps if required

Deploy the Task Sequence

• Right click your newly created task sequence and select Deploy

• In the General tab, click Browse and select a collection that contains your Windows 10 devices to be upgraded. At this point, we recommend to select a collection containing a couple of devices to test your deployment. Click Next

• In the Deployment Settings tab, select the Purpose (Available or Required). For this post we will select Available, click Next

• In the Scheduling tab, select the desired date and time, click Next

• In the User Experience tab, select desired options and click Next

• In the Alerts tab, decide if you want to create alerts for the deployment and click Next

• In the Distribution Points tab, select desired options, click Next

• Review your settings, click Next and close the wizard

Deploy the Task Sequence on a Device

Now that our task sequence is targeted to our Windows 10 device, we need to open the Software Center to initiate the upgrade process.

Before launching, let’s look at our current Windows 10 version :

• Open a command prompt and enter ver
• We are running Windows 10 1511 (Build 10586)

• In the Start Menu, select Software Center. We are using the new Software Center, your screens may differ if you’re not.
• Browse to Operating Systems and select your task sequence

• Select Install

• Accept the warning by selecting Install Operating System (No, your data won’t be lost !)

• The installation process starts. You can monitor the progress in C:\Windows\CCM\Logs\SMSTSLog\SMSTS.log

• The computer will restart after about 5 minutes
• The whole upgrade process takes about 30 to 45 minutes and your device will be rebooted several time

• Once completed, log on the computer using your account. Windows is happy to tell you that it’s updated

• Open a command prompt and enter ver
• We are now running Windows 10 1607 (Build 14393)

Use the comment section to tell which upgrade method you are preferring.

Benoit Lecours

Founder of System Center Dudes. Based in Montreal, Canada, Senior Microsoft SCCM Consultant, 5 times Enterprise Mobility MVP. Working in the industry since 1999. His specialization is designing, deploying and configuring SCCM, mass deployment of Windows operating systems, Office 365 and Intunes deployments.

The post Upgrade Windows 10 using SCCM Task Sequence appeared first on System Center Dudes.

With the introduction of new Windows 10 service branches, you will need to upgrade your Windows 10 devices at a much faster pace. Hopefully, SCCM Current Branch (1511 and higher) has built-in features to help you fulfill this task. You can choose between Upgrade Task Sequence or the new Windows Servicing feature. This post will describe how to use SCCM Windows 10 servicing plans to upgrade Windows 10 devices.

If you are running SCCM 1511 we recommend using the Upgrade Task Sequence over servicing plans. SCCM 1511 has an issue that makes all Windows 10 languages and editions to be downloaded to the device when the ADR runs. This is fixed in SCCM 1602, using a new filter you can exclude unwanted languages and editions.

If you are running SCCM 1602 or later, it’s really a matter of preference of which process to use. Each one has their own advantages, the new servicing features is using the ADR/Software Update engine, the Task Sequence one is using Task Sequence engine. The Task Sequence method allows to run additional tasks after the upgrade or install new applications. Read both our post before making your decision or use both if needed.

In this post, we will be upgrading a Windows 10 1511 to Windows 10 1607 using SCCM 1606 serving plans. You can use this method to upgrade any upcoming Windows 10 release. You can’t use servicing plans to upgrade Windows 7 or Windows 8 computers.

SCCM Windows 10 Servicing Plans Requirements

Before using Windows 10 servicing plans you need:

• An Active Software Update Point
• Enable Heartbeat Discovery – Data displayed in the Windows 10 servicing dashboard is found by using discovery
• Install WSUS hotfixes and follow the required manual installation steps that are outlined in the KB3159706 article
• Install WSUS hotfix to enable WSUS support for Windows 10 feature upgrades
• Enable Windows 10 product and Upgrade classification in your software update point

Once the first 4 steps are completed, let’s bring Windows 10 upgrade packages to your software update point :

• Open the SCCM Console
• Go to Administration \ Site Configuration \ Sites
• On the top ribbon, select Configure Site component and Software Update Point

• In the Products tab, select Windows 10

• In the Classifications tab, select Upgrades

• Accept the prerequisite warning. Go back and install these hotfixes if you haven’t done it before

• Close the Software Update Point Component properties window
• Go to Software Library \ Windows 10 Servicing
• Right-click Windows 10 Servicing, select Synchronize Software Updates

• As for any Software Update synchronization process, follow the action in Wsyncmgr.log in your SCCM installation directory
• Once completed, go to Software Library \ Windows 10 Servicing \ All Windows 10 Updates
• You should have Windows 10 Upgrade packages listed

Feature Updates vs Upgrades

After your synchronization, you’ll notice 2 types of packages. This is a bit confusing. As you can see in the screenshot, for Windows 1607 Enterprise, we only has Feature Update to Windows 10 Enterprise we don’t have an Upgrade to Windows 10 Enterprise package for 1607… yet.

Why ?

The short story : At the time of this writing, the 1607 build is in the Current Branch readiness state. (listed as Feature Update). When this build falls into Current Branch for Business (Approximately 4 months), a new release will be available in Windows Update and then in SCCM (listed as Upgrade).

• Feature Upgrade : New build at the time of the release
• Upgrade : Feature Update + Servicing Update (Patches) since media first published

In this post, we’ll be using Feature Updates. During our tests, we also tried the Upgrade package on a 1507 computer (1507 -> 1511) without issues. If you have both available at the time of creating your servicing plan, use the Upgrade package since it includes Servicing Updates.

Long Story : If you want the Microsoft version, refer to the complete Technet documentation.

The 2 key phrases from this documentation are:

• Feature upgrades that install the latest new features, experiences, and capabilities on devices that are already running Windows 10. Because feature upgrades contain an entire copy of Windows, they are also what customers use to install Windows 10 on existing devices running Windows 7 or Windows 8.1, and on new devices where no operating system is installed
• Approximately four months after publishing the feature upgrade, Microsoft uses Servicing Branch #1 again to republish/updated installation media for Windows 10 Pro, Education, and Enterprise editions. The updated media contains the exact same feature upgrade as contained in the original media except Microsoft also includes all the servicing updates that were published since the feature upgrade was first made available. This enables the feature upgrade to be installed on a device more quickly, and in a way that is potentially less obtrusive to users.

Create Servicing Plans

Now that we have Windows 10 upgrade packages in SCCM, we can create a servicing plan for our Windows 10 devices. Servicing Plan and Automatic Deployment Rules shares the same engine so you won’t be disoriented by servicing plans.

Looking at the Windows 10 Servicing dashboard, our 3 Windows 10 1511 are near expiration (Expire Soon).

• Go to Software Library \ Windows 10 Servicing \ Servicing Plan
• Right-click Servicing Plan and select Create Servicing Plan

• In the General Pane, give a Name and Description, click Next

• On the Servicing Plan tab, click Browse and select your Target Collection

• In the Deployment Ring tab :
  • Specify the Windows readiness state to which your servicing plan should apply
  • Specify how many days you want to wait before deploying

• In the Upgrade tab, specify the Language, Required and Title of the upgrade packages you want to deploy. This is a nice addition to the SCCM 1602 release, in 1511 all languages were downloaded

• Use the Preview button to ensure that you are targeting the right version (We are targeting Windows 10 1607 Enterprise en-us devices that are Required)

• In the Deployment Schedule tab, select the desired behavior

• In the User Experience tab, select the desired options

• In the Deployment Package tab, select Create a new deployment package and enter your Package Source path

• In the Distribution Points tab, select your distribution point

• In the Download Location tab, select Download software updates from the Internet

• In the Language Selection tab, select your language

• In the Summary tab, review your settings and close the Create Servicing Plan wizard

• Right-click your newly created Servicing Plan and select Run Now

• You can see that the deployment gets created in the Monitoring / Deployments section

Servicing Plan Deployment

Now that the deployment are triggered for clients, we will launch the installation manually using software center.

• Log on your Windows 10 computer
• We verify that we are running Windows 10 Enterprise version 1511 (Build 10586.218)

• Open the Software Center, under Updates, Feature Update to Windows 10 Enterprise 1607 is listed

• Select it and select Install

• Accept the warning by clicking Install Operating System. (Your data won’t be lost)

• Installation is running

• The computer will restart after about 5 minutes
• The whole upgrade process takes about 30 to 45 minutes and your device will be rebooted several time

• Once completed, log on the computer using your account. Windows is happy to tell you that it’s updated

• We are now running Windows 10 Enterprise version 1607 (Build 14393)

• Back in the Software Library \ Windows 10 Servicing \ Servicing Plan node
• Our machine is now listed as version 1607 and is no longer listed as Expire Soon
• The Service Plan Monitoring section can be used to monitor compliance and you can use the Deploy Now button to deploy the same service plan to a new collection

Use the comment section to tell which upgrade method you are preferring.

Benoit Lecours

Founder of System Center Dudes. Based in Montreal, Canada, Senior Microsoft SCCM Consultant, 5 times Enterprise Mobility MVP. Working in the industry since 1999. His specialization is designing, deploying and configuring SCCM, mass deployment of Windows operating systems, Office 365 and Intunes deployments.

The post Upgrade Windows 10 using SCCM Servicing Plans appeared first on System Center Dudes.

The third upgrade for SCCM Current Branch is now available. This post is a complete step-by-step SCCM 1610 upgrade guide. If you’re looking for a complete SCCM installation guide, see our blog series which covers it all. You can’t install this upgrade if you are running SCCM 2012. You need to be at least at SCCM 1511.

Installing SCCM upgrades is very important to your infrastructure. It adds new feature and fixes lots of issues, which some of them are important.

New Update and Servicing Model

If you’re not familiar with the new SCCM servicing model, read our New Update and Servicing section of the 1602 upgrade post which explain it all.

Similar to SCCM 1606, if you need to make a new SCCM installation, you can’t install SCCM 1610 directly. You need to install SCCM 1511 (or 1606) first and then apply SCCM 1610 from the console. SCCM 1606 is the baseline version if you’re starting from scratch.

*If you are running SCCM 1511, 1602 or 1606, the latest updates will be replaced by SCCM 1610 in the SCCM Console after installation. If you are on SCCM 1511, you won’t be able to install 1602 or 1606 after 1610. You can skip all previous versions and install SCCM 1610 directly which contains all 1602 and 1606 fixes and features.

SCCM 1610 New Features and Fixes

If you’ve been installing SCCM Technical Preview in your lab, SCCM 1606 contain most features included in the latest Technical Previews (1605 and up).

1610 includes lots of new features and enhancements in Windows 10 and Office 365 management, application management, end user experience, client management and also includes new functionality for customers using Configuration Manager in hybrid mode with Microsoft Intune.

Consult the Summary of changes in System Center Configuration Manager version 1610 article for a full list of changes.

Consult this Technet article for a full features list. 1606 also applies the latest KB/fixes to fix known bugs, including KB3202796, KB3192616, KB3186654 and KB3180992

Here’s our list of favorite features :

• Office 365 Servicing Dashboard and app deployment to clients features help you to deploy Office 365 apps to clients as well as track Office 365 usage and update deployments.
• Software Updates Compliance Dashboard allows you to view the current compliance status of devices in your organization and quickly analyze the data to see which devices are at risk.
• Cloud Management Gateway provides a simpler way to manage Configuration Manager clients on the Internet. You can use the SCCM console to deploy the service in Microsoft Azure and configure the supported roles to allow cloud management gateway traffic.
• Client Peer Cache is a new built-in solution in Configuration Manager that allows clients to share content with other clients directly from their local cache with monitoring and troubleshooting capabilities.
• Enhancements in Software Center including customizable branding in more dialogs, notifications of new software, improvements to the notification experience for high-impact task sequence deployments, and ability for users to request applications and view request history directly in Software Center.

Before you begin

Downloading and installing this update is done entirely from the console. There’s no download link, the update will appear in your console once the Service Connection Point is synchronized.

If you’re running a multi-tier hierarchy, start at the top-level site in the hierarchy. After the top-level site upgrades, you can begin the upgrade of each child site. Complete the upgrade of each site before you begin to upgrade the next site. Until all sites in your hierarchy are upgraded, your hierarchy operates in a mixed version mode.

Before applying this update, we strongly recommend that you go through the upgrade check list provided on Technet. Most importantly, initiate a site backup before your upgrade.

In this post, we’ll be updating a standalone Primary Site Server, consoles and clients.

Before installing, check if your site is ready for the update :

• Open the SCCM console
• Go to Administration \ Cloud Services \ Updates and Servicing
• In the State column, ensure that the update is Available

• If it’s not available, right-click Updates and Servicing and select Check for Updates

• The update state will change to Downloading

• You can follow the download in Dmpdownloader.log or by going to Monitoring / Site Servicing Status, right-click your Update Name and select Show Status

• The process will first download a .CAB file and will then extract the file in the EasyPayload folder in your SCCM Installation directory. It can take up to 15 minutes to extract all files.

SCCM 1610 Upgrade guide

Step 1 | SCCM 1610 Prerequisite check

Before launching the update, we recommend to launch the prerequisite check :

• Open the SCCM console
• Go to Administration \ Cloud Services \ Updates and Servicing
• Right-click the Configuration Manager 1610 update and select Run prerequisite check

• Nothing will happen, the prerequisite check runs in the background. All menu options will be grayed out during the check

• One way to see progress is by viewing C:\ConfigMgrPrereq.log

• You can also monitor prerequisite check by going to Monitoring / Site Servicing Status, right-click your Update Name and select Show Status

• When completed the State column will show Prerequisite check passed

Step 2 | Launching the SCCM 1610 update

We are now ready to launch the SCCM 1610 update. At this point, plan about 45 minutes for the update installation.

• Right click the Configuration Manager 1610 update and select Install Update Pack

• On the General tab, click Next

• On the Features tab, select the features you want to update

• If you don’t select one of the feature now and want to enable it later, you’ll be able to so by using the console in Administration \ Cloud Services \ Updates and Servicing \ Features

• In the Client Update Options, select the desired option for your client update
  • This new feature allows to update only clients member of a specific collection. Refer to our pre-production client deployment post for more details

• On the License Terms tab, accept the licence terms and click Next

• On the Summary tab, review your choices and click Next

• On the Completion tab, close the wizard. The whole process took a minute but the installation is not over, it has been initiated

• During installation, the State column changes to Installing

• You can  monitor installation by going to Monitoring / Site Servicing Status, right-click your Update Name and select Show Status

• … or you can follow detailed installation progress in SCCM Installation Directory\Logs\CMUpdate.log

• When completed, you’ll notice the message There are no pending update package to be processed in the log file
• Monitoring / Site Servicing Status, right-click your Update Name and select Show Status, the last step will be Installation Succeeded

• Refresh the Updates and Servicing node, the State column will be Installed

Updating the consoles

As previous Cumulative update, the console has an auto-update feature. At console opening, if you are not running the latest version, you will receive a warning and the update will start automatically.

• Since all updates operations were initiated from the console, we didn’t close it during the process. We received a warning message when clicking certain objects. You will have the same message when opening a new console
• Click OK,  console update will starts automatically

• Wait for the process to complete. You can follow the progress in C:\ConfigMgrAdminUISetup.log and C:\ConfigMgrAdminUISetupVerbose.log. Once completed, the console will open and you’ll be running the latest version

Verification

Consoles

After setup is completed, verify the build number of the console. If the console upgrade was successful, the build number will be 5.0.8458.1500. You can also notice that Version 1610 is stated.

Servers

• Go to Administration \ Site Configuration \ Sites
• Right-click your site and select Properties
• Verify the Version and Build number

Clients

The client version will be updated to 5.00.8458.1005 (after updating, see section below)

SCCM 1610 Client Package distribution

You’ll see that the 2 client packages are updated :

• Navigate to Software Library \ Application Management \ Packages

• Check if both package were updated, if not, select both package and initiate a Distribute Content to your distribution points

Boot Images

Boot images are automatically updated during setup. See our post on upgrade consideration in large environment to avoid this if you have multiple distribution points.

• Go to Software Library / Operating Systems / Boot Images
• Select your boot image and check the last Content Status date. It should match your setup date

Updating the Clients

Our preferred way to update our clients is by using the Client Upgrade feature : (You can refer to our complete post documenting this feature)

• Open the SCCM Console
• Go to Administration / Site Configuration / Sites
• Click the Hierarchy Settings in the top ribbon
• Select Client Upgrade tab
• The Upgrade client automatically when the new client update are available checkbox has been enabled
• Review your time frame and adjust it to your needs

Monitor SCCM Client Version Number

SCCM Reports Client Version

You can see our SCCM Client version reports to give detailed information about every clients versions in your environment. It’s the easiest way to track your client updates.

Collections

You can also create a collection that targets clients without the latest client version. I use it to monitor which client haven’t been updated yet.

Here’s the query to achieve this: (You can also refer to our Set of Operational Collection Powershell Script which contains this collection)

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.ClientVersion != '5.00.8458.1005'

Happy updating !

Benoit Lecours

Founder of System Center Dudes. Based in Montreal, Canada, Senior Microsoft SCCM Consultant, 5 times Enterprise Mobility MVP. Working in the industry since 1999. His specialization is designing, deploying and configuring SCCM, mass deployment of Windows operating systems, Office 365 and Intunes deployments.

The post Step-by-Step SCCM 1610 Upgrade Guide appeared first on System Center Dudes.

SQL Server is obviously a key component to take care of, for a healthy SCCM infrastructure. While SCCM supports a wide variety of SQL Server versions, keeping it up to date may be a good idea to avoid getting out of support.

In this post, we will detail how to upgrade SCCM SQL 2014 to SQL 2017. SQL 2019 is available for a couple of weeks, but it’s still not listed as supported in the SCCM documentation.

If you’re looking to install SQL 2017 from scratch, jump to our post on this topic.

Upgrade SCCM SQL version Requirements

• Current SQL versions must be one of the following :
  • SQL Server 2008 SP4 or later
  • SQL Server 2008 R2 SP3 or later
  • SQL Server 2012 SP2 or later
  • SQL Server 2014 or later
  • SQL Server 2016 or later

• Download SQL reporting services
• Download SQL Management studio
• The operating system is still under support, which means Windows server 2012 or higher
• Destination edition of SQL must match or higher than current installation
  • Meaning Standard can be upgraded to Standard but as well to Enterprise.
  • See below link for compatibility table

For more details about requirements, see this Microsoft docs page.

Pre-Upgrade tasks

• Validate SQL functionality used are supported by the destination edition, which should be for SCCM
• Make sure Windows authentication is enabled, which should be for SCCM
• Uninstall SQL Management Studio, as this is no longer included in the SQL installation.
• Make sure there’s no pending restart
• Stop SMS_EXECUTIVE to stop all SCCM components
  • Go to Monitoring/System Status/Component Status and select Start/Configuration Manager Service manager

• Select the SMS_Executive component and stop it

• Make sure all components are stopped

Upgrade SQL Reporting services 2017

Before upgrading the SQL server, Reporting services must be updated. This component is no longer part of the main installation and comes as a standalone download. Upgrade will be prevented until the current version of SQL Reporting services is still installed on the server.

• Backup any custom reports from the Report Server.

• In Reporting services configuration manager, backup SQL reporting services Encryption keys

• Install SQL server 2017 reporting services

• Provide the cd-key. It can be found in the install wizard from the SQL 2017 ISO as well as your licensing website.

• Accept license terms

• This will only install the reporting services. It will not connect to current reporting database

• Select the install path and click Install

• Start configuring SQL reporting services

• Configure Reporting services as it was with the previous version.

Upgrade SCCM SQL version

• Mount the ISO and select Upgrade

• Provide Product Key or continue as an evaluation. Make sure current and future edition support this upgrade path

• Accept license terms

• Select the desired instance to upgrade

• Check the box to uninstall Reporting services if it was not previously done.

• Confirm features that will be upgraded

• Confirm the instance to be upgraded

• Click Upgrade to begin

• Upgrade completed!

Post upgrade tasks

• SCCM requires a minimum CU2 to be installed on SQL 2017. At the time of writing this article, CU18 is the latest available. Make sure to install the latest cumulative update for SQL server 2017
• Uninstall unnecessary SQL server components from the previous version, if any are still there like the Management Studio
• Review SCCM status
• Review SCCM reports on the web and in console

Hope this helps!

Benoit Lecours

Founder of System Center Dudes. Based in Montreal, Canada, Senior Microsoft SCCM Consultant, 5 times Enterprise Mobility MVP. Working in the industry since 1999. His specialization is designing, deploying and configuring SCCM, mass deployment of Windows operating systems, Office 365 and Intunes deployments.

The post How to upgrade SCCM SQL version appeared first on System Center Dudes.

Microsoft has released the third SCCM version for 2022. SCCM 2211 has been released on December 5th, 2022. This post is a complete step-by-step SCCM 2211 upgrade guide, meaning that if you want to upgrade your existing SCCM/MEMCM installation to the latest SCCM/MEMCM updates, this post is for you.

If you’re looking for a comprehensive SCCM installation guide to building a new server, refer to our blog series which covers it all.

You won’t be able to install SCCM 2211 if you are running SCCM 2012. Well, that’s an odd phrase! Thank you current branch naming.

SCCM 2211 is not a baseline version. This means that if you’re downloading the source from Volume Licensing, SCCM 2203 will be the starting version of your new SCCM site and you’ll need to apply SCCM 2211 on top of it.

At the time of this writing, SCCM 2211 is available in the Early update ring. You must run the opt-in script to see it appear in the console. We’ll cover that in the Installation section.

To install SCCM 2211 as an update, you must have installed SCCM 2107 or later. If you check for updates in your console and it’s not showing up, continue reading, we’ll describe how to get it using the “Fast Ring” script.

Keeping your infrastructure up to date is essential and recommended. You will benefit from the new features and fixes, which some of them can apply to your environment. It’s easier than ever to upgrade since Microsoft has implemented the servicing model directly from the console.

SCCM 2211 Upgrade Guide – New Features and Fixes

SCCM 2211 includes fewer new features and enhancements than its predecessors. There are still new features that touch site infrastructure, content management, client management, co-management, application management, operating system deployment, software updates, reporting, and configuration manager console.

You can consult the What’s new in version 2211 of System Center Configuration Manager Technet article for a full list of changes.

Here’s our list of favorite features. Microsoft brings together SCCM/MEMCM and Intune into a single console called Microsoft Endpoint Manager admin center. We’ll do blog posts on the most interesting feature in the coming weeks :

• Network Access Account (NAA) account usage alert
• Featured Apps in Software Center
• Improvements to Cloud Sync
• Dark theme is now extended to more dashboards
• Enhancements in console search experience

Support for SCCM Current Branch Versions

Ensure to apply this update before you fall into an unsupported SCCM version. Read about the support end date of the prior version of the following Technet article.

Windows and SQL Support

Before installing, make sure that you are running a supported Operating System and SQL version. Older SCCM version was giving a warning during the Prerequisite check but 2211 is giving an error that prevents the installation from continuing.

SCCM 2211 supports only Windows 2012+ and SQL 2012 SP3+.

The support lifecycle for SQL Server 2012 ends on July 12, 2022. Plan to upgrade database servers in your environment, including SQL Server Express at secondary sites.

Before you Begin – SCCM 2211 Upgrade Guide

Downloading and installing this update is done entirely from the console. There’s no download link, the update will appear on your console once the Service Connection Point is synchronized.

If you’re running a multi-tier hierarchy, start at the top-level site in the hierarchy. After the CAS upgrade, you can begin the upgrade of each child site. Complete the upgrade of each site before you begin to upgrade to the next site. Until all sites in your hierarchy are upgraded, your hierarchy operates in a mixed version mode.

Before applying this update, we strongly recommend that you go through the upgrade checklist provided on Technet. Most importantly, initiate a site backup before you upgrade.

There are a couple of new important prerequisite checks in this SCCM 2211 release :

Configuration Manager current branch version 2107 has a warning prerequisite rule that checks for Microsoft .NET Framework version 4.6.2. This version of .NET is required on site servers, specific site systems, clients, and the Configuration Manager console.

Starting in this release, this prerequisite rule for .NET 4.6.2 is an error. Until you upgrade.NET, you can’t continue installing or updating the site to this version of ConfigurationManager

When the Configuration Manager client updates to version 2211 or later, client notifications are dependent upon .NET 4.6.2 or later. Until you update .NET to version 4.6.2 or later, and restart the device, users won’t see notifications from ConfigurationManager. Other client-side functionality may be affected until the device is updated and restarted. For more information, see More details about Microsoft .NET.

The prerequisite check will verify all that for you :

In this post, we will update a stand-alone primary site server, consoles, and clients. Before installing, check if your site is ready for the update:

• Open the SCCM console
• Go to Administration \ Updates and Servicing
• In the State column, ensure that the update Configuration Manager
  2211 is Ready to install

• If it’s not available, right-click Updates and Servicing and select Check for Updates

The SCCM 2211 update is not yet available for everyone. If you need it right away you can run the Fast-Ring script and the update will show up.

• If the update is not downloading, click on the button Download on the upper node. The update state will change to Downloading
• You can follow the download in Dmpdownloader.log or by going to Monitoring / Updates and Servicing Status, right-clicking your Update Name, and selecting Show Status
• The process will first download .CAB file and will extract the file in the EasyPayload folder in your SCCM installation directory.
• It can take up to 15 minutes to extract all files.

SCCM 2211 Upgrade Guide

Step 1 | SCCM 2211 Prerequisite Check

Before launching the update, we recommend launching the prerequisite check first. To see the prerequisite checklist, see the Microsoft Documentation

• Open the SCCM console
• Go to Administration \ Updates and Servicing
• Right-click the Configuration Manager 2211 update and select Run prerequisite check

• Nothing will happen, the prerequisite check runs in the background and all menu are unavailable during the check
• One way to see progress is by viewing C:\ConfigMgrPrereq.log

• You can also monitor prerequisite checks by going to Monitoring / Update and Servicing Status, right-click your Update Name and select Show Status

• If you have any warnings, follow the recommendation to fix the issue in the bottom pane

• The check if HTTPS or Enhanced HTTP is enabled will probably pop for a lot of you. We release a full blog post on how to fix this warning. For now, this is supported until Oct 31, 2022.
• When completed the State column will show Prerequisite check passed
• Right-click the Configuration Manager 2211 update and select Install Update Pack

Step 2 | Launching the SCCM 2211 Update

We are now ready to launch the SCCM 2211 update. At this point, plan about 45 minutes to install the update.

• On the General tab, click Next

• On the Features tab, checkboxes on the features you want to enable during the update

• Don’t worry, if you don’t select one of the features now and want to enable it later, you’ll be able to so by using the console Administration \ Updates and Servicing \ Features

• In the Client Update Options, select the desired option for your client update
  • This option allows updating only clients members of a specific collection. Refer to our pre-production client deployment post for more details

• On the License Terms tab, accept the license terms and click Next

• On the Summary tab, review your choices, click Next and close the wizard on the Completion tab

The whole process took a minute but the installation begins on the back end.

• During installation, the State column changes to Installing

• We suggest you monitor the progress, by navigating to Monitoring / Updates and Servicing Status, right-clicking your Update Name and select Show Status

Unfortunately, the status is not updated in real-time. Use the Refresh button to update the view.

• Open the SCCM update log SCCMInstallationDirectory\Logs\CMUpdate.log with CMTrace

We’ve done numerous SCCM upgrades. Some installations start a couple of minutes after you complete the wizard but we’ve seen some installation starts after a 10 minutes delay. Do not reboot or restart any services during this period or your update can be stuck in the “Prerequisite check passed” status. There are actually no officially documented methods by Microsoft to fix that. Patience is the key!

• When completed, you’ll notice the message There are no pending update packages to be processed in the log file
• Monitoring / Updates and Servicing Status, right-click your Update Name and select Show Status, the last step will be Installation Succeeded
• Refresh the Updates and Servicing node in Administration, the State column will be Installed

Updating the Outdated Consoles

As a previous update, the console has an auto-update feature. At the console opening, if you are not running the latest version, you will receive a warning and the update will start automatically.

• Since all update operations were initiated from the console, we didn’t close it during the process. We received a warning message when clicking certain objects. You will have the same message when opening a new console

• Click OK, console restart and the update will start automatically

• Wait for the process to complete. You can follow the progress in C:\ConfigMgrAdminUISetup.log and C:\ConfigMgrAdminUISetupVerbose.log. Once completed, the console will open and you’ll be running the latest version

Verification

Consoles

After setup is completed, verify the build number of the console. If the console upgrade was successful, the build number will be 9096 and the version is now Version 2211 .

SCCM Servers

• Go to Administration \ Site Configuration \ Sites
• Right-click your site and select Properties
• Verify the Version and Build number

Upgrade SCCM 2211 Clients

The client version will be updated to 5.00.9096.100x (after updating, see the section below)

SCCM 2211 Client Package distribution

You’ll see that the 2 client packages are updated:

• Navigate to Software Library \ Application Management \ Packages

• Check if the update is successful, otherwise, select both packages and initiate a Distribute Content to your distribution points

Boot Images

Boot images will automatically update during setup. See our post on upgrade consideration in a large environment to avoid this if you have multiple distribution points.

• Go to Software Library / Operating Systems / Boot Images
• Select your boot image and check the last Content Status date. It should match your setup date

SCCM 2211 Upgrade Guide – Upgrade Clients

Our preferred way to update our clients is by using the Client Upgrade feature: (You can refer to our complete post documenting this feature)

• Open the SCCM Console
• Go to Administration / Site Configuration / Sites
• Click the Hierarchy Settings in the top ribbon
• Select Client Upgrade tab
• The Upgrade client automatically when the new client update is available to the checkbox is enabled
• Review your time frame and adjust it to your needs

Reconfigure SQL Server AlwaysOn availability groups

To complete SCCM 2211 Upgrade Guide, if you use an availability group, reset the failover configuration to automatic. For more information, see SQL Server AlwaysOn for a site database.

Reconfigure any disabled maintenance tasks

If you disabled database maintenance tasks at a site before installing the update, reconfigure those tasks. Use the same settings that were in place before the update.

SCCM 2211 Upgrade Guide – Monitor SCCM Client Version Number

SCCM Reports Client Version

You can see our SCCM Client version reports to give detailed information about every client version in your environment. It’s the easiest way to track your client updates.

Collections

In conclusion, you can create a collection that targets clients without the latest client version because is very useful when it comes to monitoring a non-compliant client.

Here’s the query to achieve this: (You can also refer to our Set of Operational Collection Powershell Script which contains this collection)

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.ClientVersion != '5.00.9096.1008'

The post Step-by-Step SCCM 2211 Upgrade Guide appeared first on System Center Dudes.

This blog post will cover all the tasks needed to upgrade Windows 11 22H2 using SCCM. We will cover scenarios for new and existing computers that you may want to upgrade.

Microsoft published the Windows 11 22H2 feature update on VLSC on September 2022.

Windows 11, version 22H2 is a scoped release focused on quality improvements to the overall Windows experience in existing feature areas such as quality, productivity, and security. Home and Pro editions of the 2022 Update will receive 24 months of servicing, and Enterprise and Education editions will have 30 months of service.

You may also need to deploy Windows 11 22H2 to your existing Windows 11 computer to stay supported or to benefit from the new features. There are a couple of important changes in this release.

Before deploying a new Windows 11 feature upgrade, you need to have a good plan. Test it in a lab environment, deploy it to a limited group, and test all your business applications before broad deployment. Do not treat a feature upgrade as a normal monthly software update.

You can also follow our complete Windows 10 Deployment blog post series if you’re unfamiliar with the whole upgrade process.

Table of Content

• Prerequisites
• Check if you have an SCCM Supported version
• Upgrade your Windows ADK
• Download Windows 11 22H2 ISO
• Mount and extract the ISO file
• Upgrade Strategy – Task Sequence or Servicing Plans
• Import the WIM SCCM to use with your new computer Task Sequence
• Distribute your Wim File
• Import the Upgrade Package in SCCM to use with your new computer Task Sequence
• Distribute your Upgrade Package File
• Create a Windows 11 Upgrade Task Sequence for Windows 11
• Create a Windows 11 Task Sequence for new Windows 11 computers
• Edit your Windows 11 22H2 Task Sequences
• Deploy the SCCM Windows 11 22H2 Upgrade Task Sequence
• Launch the Upgrade Process on a Windows 11 computer
• Launch the Process on a new Windows 11 computer
• Deploy Windows 11 22H2 using Feature Update
• Deploy Windows 11 22H2 using Servicing Plans
• Deploy Windows 11 22H2 using Enablement Package
• Monitor your deployments
• Import your ADMX

Prerequisite SCCM Windows 11 22H2 Upgrade

SCCM Version

You need at least SCCM 2207 in order to support Windows 11 22H2. See the following support matrix if you’re running an outdated SCCM version and make sure to update your site.

Windows ADK

The following table lists the versions of the Windows ADK that you can use with different versions of Configuration Manager.

Before capturing and deploying a Windows 11 22H2 image, make sure that you’re running a supported version of the Windows ADK. Windows recommends using the Windows ADK that matches the version of Windows you’re deploying. If you’re already running an ADK version on your SCCM server, see our post on how to install a new version.

Download Windows 11 22H2 ISO

In order to deploy Windows 11 22H2 using SCCM to a new device, we need to download the .ISO file. To get the ISO file, you can either download it from MSDN or VLSC.

• In the portal, find Windows 11 (business editions), Version 22H2
• Select the architecture and language, Click on Download
• Save the ISO file on your SCCM file repository

Mount and Extract Windows 11 22H2 ISO

Before you can import the Operating System into SCCM, mount and extract the Windows 10 ISO to a folder on your SCCM File repository.

We like to save all the SCCM Windows 11 22H2 Upgrade content in one folder for the full operating system (Ex: Win11-22H2-FullMedia) and extract the Install.wim file from the \Sources folder to another directory. (Ex:Win11-22H2-Wim). You’ll understand why later in this guide.

Upgrade Strategy – Task Sequence, Servicing Plan, Feature Update, Enablement Package?

In order to upgrade an existing Windows 11 to Windows 22H2, you have 4 choices: You can use an upgrade Task Sequence, Servicing Plans, Feature Update, or deploy using an Enablement Package.

For brand-new computers with Windows 11 deployment, Task Sequences are the only option.

Task Sequences are customizable: You can run pre-upgrade and post-upgrade tasks which could be mandatory if you have any sort of customization to your Windows 11 deployments. For example, Windows 10 resets pretty much anything related to regional settings, the keyboard, start menu, and taskbar customization. Things are getting better from one version to another but if you’re upgrading from an older build, let’s say 1903, expect some post-configuration tasks… and the only way to do that is using a task sequence.

Servicing Plan has simplicity, you set your option and forget, as Automatic Deployment Rules does for Software Updates. We have yet to have any client that doesn’t want any control over Windows 10 upgrades in their organization. We totally understand the point of the Servicing Plan and they’ll be useful in a couple of releases when Windows 10 upgrades will be an easy task… but for now, it’s not, unfortunately. You can’t use servicing plans to upgrade Windows 7/8 to Windows 10. For migration, you must use an upgrade task sequence.

Feature Updates are deployed, managed, and monitored as you would deploy a Software Update. You download and deploy it directly from the SCCM console. Features Updates are applicable and deployable only to existing Windows 11 systems.

Lastly, there’s a new option that you can use: Windows 11 Enablement Package. Some Windows 11 version shares the same core OS with an identical set of system files, but the new features are in an inactive and dormant state. By deploying the Enablement package you just enable the new feature. The advantage is that it reduces the updated downtime with a single restart. Use the enablement package only to jump to the next Windows 11 version (example: 1903 to 1909 OR 20H2 to 21H2). You cannot deploy an enablement package let’s say to jump 4 Windows versions (for example 1903 to 21H2).

We will cover all the options in this post.

Option #1 – Task Sequences

Import SCCM Windows 11 22H2 Operating System

Some screenshots were taken from the Windows 10 post but still applies to this post

We will now import the Windows 11 22H2 WIM file for Operating System Deployment. You should have downloaded the ISO file in the first step of this guide.

We will be importing the default Install.wim from the Windows 11 media for a “vanilla” Windows 11 deployment. You could also import a WIM file that you’ve created through a build-and-capture process.

This WIM file will be used for new computers, to upgrade an existing Windows 10, you need to import an Operating System Upgrade Packages. We will cover this in the next section.

• Open the SCCM Console
• Go to Software Library / Operating Systems / Operating System Images
• Right-click Operating System Images and select Add Operating System Image

• On the Data Source tab, browse to your WIM file. The path must be in UNC format
• You can now select to import only a specific index from the WIM file. We selected the Windows 11 Enterprise index
• Select your Architecture and Language at the bottom and click Next

• Select your Pre-cache option

• In the General tab, enter the Name, Version and Comment, click Next

• On the Summary tab, review your information and click Next
• Complete the wizard and close this window
• The import process will take about 5 minutes to complete

Distribute your SCCM Windows 11 22H2 Operating System Image

We now need to send the Operating System Image (WIM file) to our distribution points.

• Right-click your Operating System Image, select Distribute Content and complete the Distribute Content wizard

Add Operating System Upgrade Packages

We will now import the complete Windows 11 media in Operating System Upgrade Packages. This package will be used to upgrade an existing Windows 11 or a Windows 7 (or 8.1) device to Windows 11 using an Upgrade Task Sequence.

• Open the SCCM Console
• Go to Software Library / Operating Systems / Operating System Upgrade Packages
• Right-click Operating System Upgrade Packages and select Add Operating System Upgrade Packages

• In the Data Source tab, browse to the path of your full Windows 10 media. The path must point to an extracted source of an ISO file. You need to point at the top folder where Setup.exe reside
• You can now select to import only a specific index from the WIM file. We selected the Windows 11 Enterprise index
• Select your Architecture and Language at the bottom and click Next

• Select your Pre-Cache options

• In the General tab, enter the Name, Version, and Comment, click Next

• On the Summary tab, review your information and click Next and complete the wizard

Distribute your Operating System Upgrade Packages

We now need to send the Operating System Upgrade Package to your distribution points.

• Right-click your Operating System Upgrade Package, select Distribute Content and complete the Distribute Content wizard

Create an Upgrade SCCM Task Sequence for Windows 11 Computers

Let’s create an SCCM task sequence upgrade for a computer running a previous version of Windows 11.

This Task Sequence could be used to upgrade an existing Windows 11 computer.

• Open the SCCM Console
• Go to Software Library \ Operating Systems \ Task Sequences
• Right-click Task Sequences and select Upgrade an operating system from upgrade package

• In the Task Sequence Information tab, enter a Task Sequence Name and Description

• On the Upgrade the Windows Operating System tab, select your upgrade package by using the Browse button
• Select your Edition Index depending on the edition you want to deploy. If you select just 1 index as per our indication in previous steps, you’ll see just 1 index to select from.

• On the Include Updates tab, select the desired Software Update task
  • All Software Updates will install the updates regardless of whether there is a deadline set on the deployment (on your OSD collection)
  • Mandatory Software Updates will only install updates from deployments that have a scheduled deadline (on your OSD collection)
  • Do not install any software updates will not install any software update during the Task Sequence

• On the Install Applications tab, select any application you want to add to your upgrade process

• On the Summary tab, review your choices and click Next and click Close

Create a Task Sequence for new Windows 11 Computer

Let’s create an SCCM task sequence for new computers you just bought.

• Still in Software Library \ Operating Systems \ Task Sequences
• Right-click Task Sequences and select Install an existing image package

• In the Task Sequence Information tab, enter a Task Sequence Name, Description and select your X64 Boot Image

• On the Install Windows tab, select your image package by using the Browse button
• Select the Image Index and enter a product key. If you have a valid KMS server, you can skip the product key

• In the Configure Network tab, select the Domain and OU in which the computer account will be created. Also enter valid credentials to join the domain.

• In the Install Configuration Manager tab, select your Client Package

• On the State Migration tab, select if you want to capture user settings and files. For our example, we’ll turn it off

• On the Include Updates tab, select the desired Software Update task
  • All Software Updates will install the updates regardless of whether there is a deadline set on the deployment (on your OSD collection)
  • Mandatory Software Updates will only install updates from deployments that have a scheduled deadline (on your OSD collection)
  • Do not install any software updates will not install any software update during the Task Sequence

• On the Install Applications tab, select any application you want to add to your upgrade process

• On the Summary tab, review your choices and click Next and click Close

Edit your Windows 11 22H2 Task Sequences

Now that we have created the upgrade and new computer task sequences, let’s see what it looks like under the hood.

• Open the SCCM Console
• Go to Software Library \ Operating Systems \ Task Sequences
• Right-click your upgrade or new computer task sequences and select Edit

As you can see, it’s fairly simple. SCCM will take care of everything in a couple of steps :

• The Upgrade Operating System step contains the important step of applying Windows 11
• Ensure to choose the right Edition

Deploy the SCCM Windows 11 22H2 Upgrade Task Sequence

We are now ready to deploy our task sequence to the computer we want to upgrade. In our case, we are targeting a Windows 11 computer that is running an older Windows 11 version.

• Go to Software Library \ Operating Systems \ Task Sequences
• Right-click Task Sequences and select Deploy

• On the General pane, select your collection. This is the collection that will receive the Windows 11 upgrade. For testing purposes, we recommend putting only 1 computer to start

• On the Deployment Settings tab, select the Purpose of the deployment
  • Available will prompt the user to install at the desired time
  • Required will force the deployment at the deadline (see Scheduling)
• You cannot change the Make available to the following drop-down since upgrade packages are available to clients only

• On the Scheduling tab, enter the desired available date and time. On the screenshot, we can’t create an Assignment schedule because we select Available in the previous screen

• In the User Experience pane, select the desired options

• In the Alerts tab, check Create a deployment alert when the threshold is higher than the following check-box if you want to create an alert on the failures

• On the Distribution Point pane, select the desired Deployment options. We will leave the default options

• Review the selected options and complete the wizard

Launch the Upgrade Process on a Windows 11 computer

Everything is now ready to deploy to our Windows 11 computers. For our example, we will be upgrading a Windows 11 21H2 to Windows 11 22H2. This task sequence can also be used to upgrade existing Windows 7 or 8.1 computers to install Windows 11 22H2.

• Log on your Windows 11 computer and launch a Machine Policy Retrieval & Evaluation Cycle from Control Panel / Configuration Manager Icon

• Open the new Software Center from the Windows 11 Start Menu
• You’ll see the SCCM upgrade task sequence as available. We could have selected the Required option in our deployment schedule, to launch automatically without user interaction at a specific time
• When ready, click on Install

• On the Warning, click Install

• The update is starting, the task sequence Installation Progress screen shows the different steps

• The WIM is downloaded on the computer and saved in C:\_SMSTaskSequence
• You can follow task sequence progress in C:\Windows\CCM\Logs\SMSTSLog\SMSTS.log
• After downloading, the system will reboot
• The computer restarted and is loading the files in preparation for the Windows upgrade

• WinPE is loading

• The upgrade process starts. This step should take between 60-90 minutes depending on the device hardware
• Windows 10 is getting ready, 2-3 more minutes and the upgrade will be completed

• Once completed the SetupComplete.cmd script runs. This step is important to set the task sequence service to the correct state

• Windows is now ready, all software and settings are preserved. Validate that you are running Windows 11 21H2

Launch the Process on a new Windows 11 computer

To install the Windows 11 22H2 operating system, the process is fairly the same except to start the deployment.

For my test, I’m booting a new VM. PXE boot the VM and press Enter for network boot service.

• On the SCCM Windows 11 22H2 Upgrade Welcome to task sequence wizard screen, enter the password and click Next

• Select your Windows 11 22H2 Task Sequence and click Next
• The process will start and if everything goes right, should be fully automated.

If you encounter any issues, please see our troubleshooting guide.

#2 – Deploy Windows 11 22H2 using Feature Update

Once Windows 11 is added to your Software Update Point, we will create a Software Update deployment that will be deployed to our Windows 11 deployment collection. This is really the most straightforward and fastest method to deploy.

Make sure to run a full synchronization to make sure that the new Windows 11 22H2 is available.

• Open the SCCM Console
• Go to Software Library / Software Updates / All Software Updates
• On the right side, click Add Criteria, select Product, Expired and Superseded
  • Product : Windows 11
  • Language : English
  • Title contains 22H2

• Select only the desired one and select Deploy

• Complete the Wizard and the deployment will be created to the desired collection
• On a computer member of the collection, the update will be available in the software center. It will be available in the Updates section. Select the Windows 11 22H2 feature update and click Install. If you want an automated process, just make your deployment Required. The installation should take around 30 minutes.
• You can also monitor the deployment in the Monitoring Section of the SCCM console

#3 – Deploy Windows 11 22H2 using Servicing Plans

As stated in the introduction of this post, you can use the Servicing Plan to automate the Windows 11 deployment. Servicing Plans acts like ADR does for Software Updates. Let’s try this:

• Go to Software Library \ Windows Servicing \ Servicing Plans
• Right-click Servicing Plans and click Create Servicing Plans

• Enter a Name and Description

• Select your target Collection

• Select the desired Deployment Ring and how many days after a release to deploy your Windows 11 update package

• In the Upgrade Tab, select the Windows 11 version you want to scope your service plan. Use the Preview button at the bottom to scope it to your need.

• Select your deployment schedule. Remember that this rule will run automatically and schedule your deployment based on your settings.

• Set your desired User Experience options

• Select to create a new deployment package. This is where the Update file will be downloaded before being copied to the Distribution Point

• Distribute the update on the desired Distribution Point and complete the wizard

• Your Servicing Plan is now created. You can always modify it if needed by right-clicking on it and select Properties

#4 – Deploy Windows 11 22H2 using Enablement Package

Windows 11 22H2 is not available for deployment using Enablement Package, If you’re not familiar with this, read our description in the introduction of this post.

However, the upcoming Windows 11, version 23H2 will be as it shares the same servicing branch and code base as Windows 11, version 22H2. What does it mean for you? If you’re running Windows 11, version 22H2, it will be a simple update to version 23H2 via a small enablement package.

It’s pretty much the same as deploying a Software Update. Let me show how you’ll see this for the next Windows 11 version. I’m using Windows 10 to show you.

• Open the SCCM Console
• Go to Software Library \ Windows 10 Servicing \ All Windows 10 Updates
• In the Search bar, type Enablement
• The Windows 11 23H2 Enablement Package will be listed

• Right-Click and select Deploy

• Complete the Wizard and the deployment will be created to the desired collection. Don’t forget that this update can only be sent to a specific Windows version.
• You can also monitor the deployment in the Monitoring Section of the SCCM console

Monitor your deployments

All deployment SCCM Windows 11 22H2 Upgrade methods can be monitored in the SCCM Console in the Monitoring section. Just select your deployments and you’ll have your status.

However, Windows 11 Feature updates are built to fail if there’s anything on the computer that prevents a successful upgrade. This is called a Hard Block.

We have numerous resources on our site for advanced monitoring and we also have 106 pages that cover the whole topic. This guide can be found in our shop.

• Troubleshoot Windows 10 Update hard block | System Center Dudes
• SCCM Error 0xC1900208 deploying Windows 10 1709 (systemcenterdudes.com)
• Windows 10 Feature Updates – The Challenge of Servicing in the Enterprise – A Square Dozen

Import Windows 11 22H2 ADMX File

If you’re responsible for managing group policy in your organization. Ensure that you import the latest Windows 11 22H2 ADMX file on your domain controller.

Bonus Resources

After your SCCM Windows 11 22H2 Upgrade, need a report to track your Windows 11 devices? We developed a report to help you achieve that :

Asset – Windows 10 SCCM Report

The post Upgrade Windows 11 22H2 using SCCM appeared first on System Center Dudes.

This blog post will cover all the tasks needed to upgrade Windows 11 22H2 using SCCM. We will cover scenarios for new and existing computers that you may want to upgrade.

Microsoft published the Windows 11 22H2 feature update on VLSC on September 2022.

Windows 11, version 22H2 is a scoped release focused on quality improvements to the overall Windows experience in existing feature areas such as quality, productivity, and security. Home and Pro editions of the 2022 Update will receive 24 months of servicing, and Enterprise and Education editions will have 30 months of service.

You may also need to deploy Windows 11 22H2 to your existing Windows 11 computer to stay supported or to benefit from the new features. There are a couple of important changes in this release.

Before deploying a new Windows 11 feature upgrade, you need to have a good plan. Test it in a lab environment, deploy it to a limited group, and test all your business applications before broad deployment. Do not treat a feature upgrade as a normal monthly software update.

You can also follow our complete Windows 10 Deployment blog post series if you’re unfamiliar with the whole upgrade process.

Table of Content

• Prerequisites
• Check if you have an SCCM Supported version
• Upgrade your Windows ADK
• Download Windows 11 22H2 ISO
• Mount and extract the ISO file
• Upgrade Strategy – Task Sequence or Servicing Plans
• Import the WIM SCCM to use with your new computer Task Sequence
• Distribute your Wim File
• Import the Upgrade Package in SCCM to use with your new computer Task Sequence
• Distribute your Upgrade Package File
• Create a Windows 11 Upgrade Task Sequence for Windows 11
• Create a Windows 11 Task Sequence for new Windows 11 computers
• Edit your Windows 11 22H2 Task Sequences
• Deploy the SCCM Windows 11 22H2 Upgrade Task Sequence
• Launch the Upgrade Process on a Windows 11 computer
• Launch the Process on a new Windows 11 computer
• Deploy Windows 11 22H2 using Feature Update
• Deploy Windows 11 22H2 using Servicing Plans
• Deploy Windows 11 22H2 using Enablement Package
• Monitor your deployments
• Import your ADMX

Prerequisite SCCM Windows 11 22H2 Upgrade

SCCM Version

You need at least SCCM 2207 in order to support Windows 11 22H2. See the following support matrix if you’re running an outdated SCCM version and make sure to update your site.

Windows ADK

The following table lists the versions of the Windows ADK that you can use with different versions of Configuration Manager.

Before capturing and deploying a Windows 11 22H2 image, make sure that you’re running a supported version of the Windows ADK. Windows recommends using the Windows ADK that matches the version of Windows you’re deploying. If you’re already running an ADK version on your SCCM server, see our post on how to install a new version.

Download Windows 11 22H2 ISO

In order to deploy Windows 11 22H2 using SCCM to a new device, we need to download the .ISO file. To get the ISO file, you can either download it from MSDN or VLSC.

• In the portal, find Windows 11 (business editions), Version 22H2
• Select the architecture and language, Click on Download
• Save the ISO file on your SCCM file repository

Mount and Extract Windows 11 22H2 ISO

Before you can import the Operating System into SCCM, mount and extract the Windows 10 ISO to a folder on your SCCM File repository.

We like to save all the SCCM Windows 11 22H2 Upgrade content in one folder for the full operating system (Ex: Win11-22H2-FullMedia) and extract the Install.wim file from the \Sources folder to another directory. (Ex:Win11-22H2-Wim). You’ll understand why later in this guide.

Upgrade Strategy – Task Sequence, Servicing Plan, Feature Update, Enablement Package?

In order to upgrade an existing Windows 11 to Windows 22H2, you have 4 choices: You can use an upgrade Task Sequence, Servicing Plans, Feature Update, or deploy using an Enablement Package.

For brand-new computers with Windows 11 deployment, Task Sequences are the only option.

Task Sequences are customizable: You can run pre-upgrade and post-upgrade tasks which could be mandatory if you have any sort of customization to your Windows 11 deployments. For example, Windows 10 resets pretty much anything related to regional settings, the keyboard, start menu, and taskbar customization. Things are getting better from one version to another but if you’re upgrading from an older build, let’s say 1903, expect some post-configuration tasks… and the only way to do that is using a task sequence.

Servicing Plan has simplicity, you set your option and forget, as Automatic Deployment Rules does for Software Updates. We have yet to have any client that doesn’t want any control over Windows 10 upgrades in their organization. We totally understand the point of the Servicing Plan and they’ll be useful in a couple of releases when Windows 10 upgrades will be an easy task… but for now, it’s not, unfortunately. You can’t use servicing plans to upgrade Windows 7/8 to Windows 10. For migration, you must use an upgrade task sequence.

Feature Updates are deployed, managed, and monitored as you would deploy a Software Update. You download and deploy it directly from the SCCM console. Features Updates are applicable and deployable only to existing Windows 11 systems.

Lastly, there’s a new option that you can use: Windows 11 Enablement Package. Some Windows 11 version shares the same core OS with an identical set of system files, but the new features are in an inactive and dormant state. By deploying the Enablement package you just enable the new feature. The advantage is that it reduces the updated downtime with a single restart. Use the enablement package only to jump to the next Windows 11 version (example: 1903 to 1909 OR 20H2 to 21H2). You cannot deploy an enablement package let’s say to jump 4 Windows versions (for example 1903 to 21H2).

We will cover all the options in this post.

Option #1 – Task Sequences

Import SCCM Windows 11 22H2 Operating System

Some screenshots were taken from the Windows 10 post but still applies to this post

We will now import the Windows 11 22H2 WIM file for Operating System Deployment. You should have downloaded the ISO file in the first step of this guide.

We will be importing the default Install.wim from the Windows 11 media for a “vanilla” Windows 11 deployment. You could also import a WIM file that you’ve created through a build-and-capture process.

This WIM file will be used for new computers, to upgrade an existing Windows 10, you need to import an Operating System Upgrade Packages. We will cover this in the next section.

• Open the SCCM Console
• Go to Software Library / Operating Systems / Operating System Images
• Right-click Operating System Images and select Add Operating System Image

• On the Data Source tab, browse to your WIM file. The path must be in UNC format
• You can now select to import only a specific index from the WIM file. We selected the Windows 11 Enterprise index
• Select your Architecture and Language at the bottom and click Next

• Select your Pre-cache option

• In the General tab, enter the Name, Version and Comment, click Next

• On the Summary tab, review your information and click Next
• Complete the wizard and close this window
• The import process will take about 5 minutes to complete

Distribute your SCCM Windows 11 22H2 Operating System Image

We now need to send the Operating System Image (WIM file) to our distribution points.

• Right-click your Operating System Image, select Distribute Content and complete the Distribute Content wizard

Add Operating System Upgrade Packages

We will now import the complete Windows 11 media in Operating System Upgrade Packages. This package will be used to upgrade an existing Windows 11 or a Windows 7 (or 8.1) device to Windows 11 using an Upgrade Task Sequence.

• Open the SCCM Console
• Go to Software Library / Operating Systems / Operating System Upgrade Packages
• Right-click Operating System Upgrade Packages and select Add Operating System Upgrade Packages

• In the Data Source tab, browse to the path of your full Windows 10 media. The path must point to an extracted source of an ISO file. You need to point at the top folder where Setup.exe reside
• You can now select to import only a specific index from the WIM file. We selected the Windows 11 Enterprise index
• Select your Architecture and Language at the bottom and click Next

• Select your Pre-Cache options

• In the General tab, enter the Name, Version, and Comment, click Next

• On the Summary tab, review your information and click Next and complete the wizard

Distribute your Operating System Upgrade Packages

We now need to send the Operating System Upgrade Package to your distribution points.

• Right-click your Operating System Upgrade Package, select Distribute Content and complete the Distribute Content wizard

Create an Upgrade SCCM Task Sequence for Windows 11 Computers

Let’s create an SCCM task sequence upgrade for a computer running a previous version of Windows 11.

This Task Sequence could be used to upgrade an existing Windows 11 computer.

• Open the SCCM Console
• Go to Software Library \ Operating Systems \ Task Sequences
• Right-click Task Sequences and select Upgrade an operating system from upgrade package

• In the Task Sequence Information tab, enter a Task Sequence Name and Description

• On the Upgrade the Windows Operating System tab, select your upgrade package by using the Browse button
• Select your Edition Index depending on the edition you want to deploy. If you select just 1 index as per our indication in previous steps, you’ll see just 1 index to select from.

• On the Include Updates tab, select the desired Software Update task
  • All Software Updates will install the updates regardless of whether there is a deadline set on the deployment (on your OSD collection)
  • Mandatory Software Updates will only install updates from deployments that have a scheduled deadline (on your OSD collection)
  • Do not install any software updates will not install any software update during the Task Sequence

• On the Install Applications tab, select any application you want to add to your upgrade process

• On the Summary tab, review your choices and click Next and click Close

Create a Task Sequence for new Windows 11 Computer

Let’s create an SCCM task sequence for new computers you just bought.

• Still in Software Library \ Operating Systems \ Task Sequences
• Right-click Task Sequences and select Install an existing image package

• In the Task Sequence Information tab, enter a Task Sequence Name, Description and select your X64 Boot Image

• On the Install Windows tab, select your image package by using the Browse button
• Select the Image Index and enter a product key. If you have a valid KMS server, you can skip the product key

• In the Configure Network tab, select the Domain and OU in which the computer account will be created. Also enter valid credentials to join the domain.

• In the Install Configuration Manager tab, select your Client Package

• On the State Migration tab, select if you want to capture user settings and files. For our example, we’ll turn it off

• On the Include Updates tab, select the desired Software Update task
  • All Software Updates will install the updates regardless of whether there is a deadline set on the deployment (on your OSD collection)
  • Mandatory Software Updates will only install updates from deployments that have a scheduled deadline (on your OSD collection)
  • Do not install any software updates will not install any software update during the Task Sequence

• On the Install Applications tab, select any application you want to add to your upgrade process

• On the Summary tab, review your choices and click Next and click Close

Edit your Windows 11 22H2 Task Sequences

Now that we have created the upgrade and new computer task sequences, let’s see what it looks like under the hood.

• Open the SCCM Console
• Go to Software Library \ Operating Systems \ Task Sequences
• Right-click your upgrade or new computer task sequences and select Edit

As you can see, it’s fairly simple. SCCM will take care of everything in a couple of steps :

• The Upgrade Operating System step contains the important step of applying Windows 11
• Ensure to choose the right Edition

Deploy the SCCM Windows 11 22H2 Upgrade Task Sequence

We are now ready to deploy our task sequence to the computer we want to upgrade. In our case, we are targeting a Windows 11 computer that is running an older Windows 11 version.

• Go to Software Library \ Operating Systems \ Task Sequences
• Right-click Task Sequences and select Deploy

• On the General pane, select your collection. This is the collection that will receive the Windows 11 upgrade. For testing purposes, we recommend putting only 1 computer to start

• On the Deployment Settings tab, select the Purpose of the deployment
  • Available will prompt the user to install at the desired time
  • Required will force the deployment at the deadline (see Scheduling)
• You cannot change the Make available to the following drop-down since upgrade packages are available to clients only

• On the Scheduling tab, enter the desired available date and time. On the screenshot, we can’t create an Assignment schedule because we select Available in the previous screen

• In the User Experience pane, select the desired options

• In the Alerts tab, check Create a deployment alert when the threshold is higher than the following check-box if you want to create an alert on the failures

• On the Distribution Point pane, select the desired Deployment options. We will leave the default options

• Review the selected options and complete the wizard

Launch the Upgrade Process on a Windows 11 computer

Everything is now ready to deploy to our Windows 11 computers. For our example, we will be upgrading a Windows 11 21H2 to Windows 11 22H2. This task sequence can also be used to upgrade existing Windows 7 or 8.1 computers to install Windows 11 22H2.

• Log on your Windows 11 computer and launch a Machine Policy Retrieval & Evaluation Cycle from Control Panel / Configuration Manager Icon

• Open the new Software Center from the Windows 11 Start Menu
• You’ll see the SCCM upgrade task sequence as available. We could have selected the Required option in our deployment schedule, to launch automatically without user interaction at a specific time
• When ready, click on Install

• On the Warning, click Install

• The update is starting, the task sequence Installation Progress screen shows the different steps

• The WIM is downloaded on the computer and saved in C:\_SMSTaskSequence
• You can follow task sequence progress in C:\Windows\CCM\Logs\SMSTSLog\SMSTS.log
• After downloading, the system will reboot
• The computer restarted and is loading the files in preparation for the Windows upgrade

• WinPE is loading

• The upgrade process starts. This step should take between 60-90 minutes depending on the device hardware
• Windows 10 is getting ready, 2-3 more minutes and the upgrade will be completed

• Once completed the SetupComplete.cmd script runs. This step is important to set the task sequence service to the correct state

• Windows is now ready, all software and settings are preserved. Validate that you are running Windows 11 21H2

Launch the Process on a new Windows 11 computer

To install the Windows 11 22H2 operating system, the process is fairly the same except to start the deployment.

For my test, I’m booting a new VM. PXE boot the VM and press Enter for network boot service.

• On the SCCM Windows 11 22H2 Upgrade Welcome to task sequence wizard screen, enter the password and click Next

• Select your Windows 11 22H2 Task Sequence and click Next
• The process will start and if everything goes right, should be fully automated.

If you encounter any issues, please see our troubleshooting guide.

#2 – Deploy Windows 11 22H2 using Feature Update

Once Windows 11 is added to your Software Update Point, we will create a Software Update deployment that will be deployed to our Windows 11 deployment collection. This is really the most straightforward and fastest method to deploy.

Make sure to run a full synchronization to make sure that the new Windows 11 22H2 is available.

• Open the SCCM Console
• Go to Software Library / Software Updates / All Software Updates
• On the right side, click Add Criteria, select Product, Expired and Superseded
  • Product : Windows 11
  • Language : English
  • Title contains 22H2

• Select only the desired one and select Deploy

• Complete the Wizard and the deployment will be created to the desired collection
• On a computer member of the collection, the update will be available in the software center. It will be available in the Updates section. Select the Windows 11 22H2 feature update and click Install. If you want an automated process, just make your deployment Required. The installation should take around 30 minutes.
• You can also monitor the deployment in the Monitoring Section of the SCCM console

#3 – Deploy Windows 11 22H2 using Servicing Plans

As stated in the introduction of this post, you can use the Servicing Plan to automate the Windows 11 deployment. Servicing Plans acts like ADR does for Software Updates. Let’s try this:

• Go to Software Library \ Windows Servicing \ Servicing Plans
• Right-click Servicing Plans and click Create Servicing Plans

• Enter a Name and Description

• Select your target Collection

• Select the desired Deployment Ring and how many days after a release to deploy your Windows 11 update package

• In the Upgrade Tab, select the Windows 11 version you want to scope your service plan. Use the Preview button at the bottom to scope it to your need.

• Select your deployment schedule. Remember that this rule will run automatically and schedule your deployment based on your settings.

• Set your desired User Experience options

• Select to create a new deployment package. This is where the Update file will be downloaded before being copied to the Distribution Point

• Distribute the update on the desired Distribution Point and complete the wizard

• Your Servicing Plan is now created. You can always modify it if needed by right-clicking on it and select Properties

#4 – Deploy Windows 11 22H2 using Enablement Package

Windows 11 22H2 is not available for deployment using Enablement Package, If you’re not familiar with this, read our description in the introduction of this post.

However, the upcoming Windows 11, version 23H2 will be as it shares the same servicing branch and code base as Windows 11, version 22H2. What does it mean for you? If you’re running Windows 11, version 22H2, it will be a simple update to version 23H2 via a small enablement package.

It’s pretty much the same as deploying a Software Update. Let me show how you’ll see this for the next Windows 11 version. I’m using Windows 10 to show you.

• Open the SCCM Console
• Go to Software Library \ Windows 10 Servicing \ All Windows 10 Updates
• In the Search bar, type Enablement
• The Windows 11 23H2 Enablement Package will be listed

• Right-Click and select Deploy

• Complete the Wizard and the deployment will be created to the desired collection. Don’t forget that this update can only be sent to a specific Windows version.
• You can also monitor the deployment in the Monitoring Section of the SCCM console

Monitor your deployments

All deployment SCCM Windows 11 22H2 Upgrade methods can be monitored in the SCCM Console in the Monitoring section. Just select your deployments and you’ll have your status.

However, Windows 11 Feature updates are built to fail if there’s anything on the computer that prevents a successful upgrade. This is called a Hard Block.

We have numerous resources on our site for advanced monitoring and we also have 106 pages that cover the whole topic. This guide can be found in our shop.

• Troubleshoot Windows 10 Update hard block | System Center Dudes
• SCCM Error 0xC1900208 deploying Windows 10 1709 (systemcenterdudes.com)
• Windows 10 Feature Updates – The Challenge of Servicing in the Enterprise – A Square Dozen

Import Windows 11 22H2 ADMX File

If you’re responsible for managing group policy in your organization. Ensure that you import the latest Windows 11 22H2 ADMX file on your domain controller.

Bonus Resources

After your SCCM Windows 11 22H2 Upgrade, need a report to track your Windows 11 devices? We developed a report to help you achieve that :

Asset – Windows 10 SCCM Report

The post Upgrade Windows 11 22H2 using SCCM appeared first on System Center Dudes.

Microsoft has released the first SCCM version for 2024 as the release cadence is now reduced to 2 releases per year. SCCM 2403 was released on April 23rd, 2024. This post is a complete step-by-step SCCM 2403 upgrade guide, meaning that if you want to upgrade your existing SCCM installation to the latest SCCM updates, this post is for you.

If you’re looking for a comprehensive SCCM installation guide to building a new server, refer to our blog series which covers it all.

You won’t be able to install SCCM 2403 if you are running SCCM 2012. Well, that’s an odd phrase! Thank you current branch naming.

SCCM 2403 isn’t a baseline version. SCCM 2403 is a baseline version. This means that if you’re downloading the source from Volume Licensing, SCCM 2403 will be the version of your new SCCM site. Upgrading to a later version (when released) will be available after the original installation.

At the time of this writing, SCCM 2403 is available in the Early update ring. You must run the opt-in script to see it appear in the console. We’ll cover that in the Installation section.

To install SCCM 2403 as an update, you must have installed SCCM 2211 or later. If you check for updates in your console and it’s not showing up, continue reading, we’ll describe how to get it using the “Fast Ring” script.

Keeping your infrastructure up to date is essential and recommended. You will benefit from the new features and fixes, some of which can apply to your environment. It’s easier than ever to upgrade since Microsoft has implemented the servicing model directly from the console.

SCCM 2403 Upgrade Guide – New Features and Fixes

SCCM 2403 includes fewer new features and enhancements than its predecessors.

You can consult the What’s new in version 2403 of Microsoft Configuration Manager article for a full list of changes.

There are 2 important warnings that you must be aware of before upgrading to this version.

• HTTP-only communication is deprecated, and support is removed from this version of Configuration Manager
• Windows Server 2012/2012 R2 operating system site system roles are not supported

If you have HTTP-only communication enabled, you must at least enable Enhanced HTTP for client communication or HTTPS.

If your SCCM server is still running Windows 2012, you must upgrade your site server Operating system before upgrading.

Here’s our list of favourite features :

• Automated diagnostic Dashboard for Software Update Issues
• Folder support for Scripts node
• Improvements to console search
• Enhancement in Deploying Software Packages with Dynamic Variables

Support for SCCM Current Branch Versions

Ensure to apply this update before you fall into an unsupported SCCM version. Read about the support end date of the prior version of the following Microsoft Learn article. The SCCM 2403 version will be supported until October 22, 2025.

Windows and SQL Support

Before installing, make sure that you are running a supported Operating System and SQL version. Older SCCM version was giving a warning during the Prerequisite check but 2403 is giving an error that prevents the installation from continuing.

SCCM 2403 supports only Windows Server 2016+ and SQL 2014 SP3+ but recommends SQL 2016 and up.

Before you Begin – SCCM 2403 Upgrade Guide

Downloading and installing this update is done entirely from the console. There’s no download link, the update will appear on your console once the Service Connection Point is synchronized.

If you’re running a multi-tier hierarchy, start at the top-level site in the hierarchy. After the CAS upgrade, you can begin the upgrade of each child site. Complete the upgrade of each site before you begin to upgrade to the next site. Until all sites in your hierarchy are upgraded, your hierarchy operates in a mixed version mode.

Before applying this update, we strongly recommend that you go through the upgrade checklist provided on Microsoft Learn. Most importantly, initiate a site backup before you upgrade.

There are a couple of new important prerequisite checks in this SCCM 2403 release :

HTTPS or Enhanced HTTP should be enabled for client communication from this version of Configuration Manager – HTTP-only communication is deprecated, and support is removed from this version of Configuration Manager. Enable HTTPS or Enhanced HTTP for client communication.

Configuration Manager current branch version 2403 has an error prerequisite rule that checks for Microsoft OBDC Driver 18 for SQL setup. This is needed to be installed manually prior to run the SCCM 2403 upgrade, on all site system servers.
To download the Microsoft ODBC Driver 18, click here
The installation of Microsoft ODBC Driver 18 does not require a restart.
Simply rerun the Prerequisite check after the installation.

The prerequisite check will verify all that for you :

If you migrated your site to EHTTP, you’ll have a warning about the Network Access Account that is no longer needed. See Microsoft Support Article on this subject.

[Completed with warning]:The site server configured with HTTPS/Enhanced HTTP, does not require network access account. Please verify the minimum appropriate permission of this account(s) and remove the account(s) which has higher privileges. We recommend you remove the configured network access account(s) which are not leveraged.For more information about your network access account required permissions, see https://go.microsoft.com/fwlink/?linkid=2210348.

In this post, we will update a stand-alone primary site server, consoles, and clients. Before installing, check if your site is ready for the update:

• Open the SCCM console
• Go to Administration \ Updates and Servicing
• In the State column, ensure that the update Configuration Manager
  2403 is Ready to install

• If it’s not available, right-click Updates and Servicing and select Check for Updates

The SCCM 2403 update is not yet available for everyone. If you need it right away you can run the Fast-Ring script and the update will show up.

• If the update is not downloading, click on the button Download on the upper node. The update state will change to Downloading
• You can follow the download in Dmpdownloader.log or by going to Monitoring / Updates and Servicing Status, right-clicking your Update Name, and selecting Show Status
• The process will first download .CAB file and will extract the file in the EasyPayload folder in your SCCM installation directory.
• It can take up to 15 minutes to extract all files.

SCCM 2403 Upgrade Guide

Step 1 | SCCM 2403 Prerequisite Check

Before launching the update, we recommend launching the prerequisite check first. To see the prerequisite checklist, see the Microsoft Documentation

• Open the SCCM console
• Go to Administration \ Updates and Servicing
• Right-click the Configuration Manager 2403 update and select Run prerequisite check

• Nothing will happen, the prerequisite check runs in the background and all menus are unavailable during the check
• One way to see progress is by viewing C:\ConfigMgrPrereq.log

• You can also monitor prerequisite checks by going to Monitoring / Update and Servicing Status, right-clicking your Update Name and selecting Show Status

• If you have any warnings, follow the recommendation to fix the issue in the bottom pane

• The check if HTTPS or Enhanced HTTP is enabled will probably pop for a lot of you. We release a full blog post on how to fix this warning. HTTP-only communication is deprecated, and support is removed from this version of Configuration Manager. Enable HTTPS or Enhanced HTTP for client communication.
• When completed the State column will show Prerequisite check passed
• Right-click the Configuration Manager 2403 update and select Install Update Pack

Step 2 | Launching the SCCM 2403 Update

We are now ready to launch the SCCM 2403 update. At this point, plan about 45 minutes to install the update.

• On the General tab, click Next

• On the Features tab, checkboxes on the features you want to enable during the update

• Don’t worry, if you don’t select one of the features now and want to enable it later, you’ll be able to so by using the console Administration \ Updates and Servicing \ Features

• In the Client Update Options, select the desired option for your client update
  • This option allows updating only client members of a specific collection. Refer to our pre-production client deployment post for more details

• On the License Terms tab, accept the license terms and click Next

• Select if you want to upload Microsoft Defender for Endpoint data to Microsoft Intune.

• On the Summary tab, review your choices, click Next and close the wizard on the Completion tab

The whole process took a minute but the installation begins on the back end.

• During installation, the State column changes to Installing

• We suggest you monitor the progress, by navigating to Monitoring / Updates and Servicing Status, right-clicking your Update Name and select Show Status

Unfortunately, the status is not updated in real-time. Use the Refresh button to update the view.

• Open the SCCM update log SCCMInstallationDirectory\Logs\CMUpdate.log with CMTrace

We’ve done numerous SCCM upgrades. Some installations start a couple of minutes after you complete the wizard but we’ve seen some installation starts after a 10 minutes delay. Do not reboot or restart any services during this period or your update can be stuck in the “Prerequisite check passed” status. There are actually no officially documented methods by Microsoft to fix that. Patience is the key!

• When completed, you’ll notice the message There are no pending update packages to be processed in the log file
• Monitoring / Updates and Servicing Status, right-click your Update Name and select Show Status, the last step will be Installation Succeeded
• Refresh the Updates and Servicing node in Administration, the State column will be Installed

Updating the Outdated Consoles

As a previous update, the console has an auto-update feature. At the console opening, if you are not running the latest version, you will receive a warning and the update will start automatically.

• Since all update operations were initiated from the console, we didn’t close it during the process. We received a warning message when clicking certain objects. You will have the same message when opening a new console

• Click OK, console restart and the update will start automatically

• Wait for the process to complete. You can follow the progress in C:\ConfigMgrAdminUISetup.log and C:\ConfigMgrAdminUISetupVerbose.log. Once completed, the console will open and you’ll be running the latest version

Verification

Consoles

After setup is completed, verify the build number of the console. If the console upgrade was successful, the build number will be 9128 and the version is now Version 2403.

SCCM Servers

• Go to Administration \ Site Configuration \ Sites
• Right-click your site and select Properties
• Verify the Version and Build number

Upgrade SCCM 2403 Clients

The client version will be updated to 5.00.9128.100x (after updating, see the section below)

SCCM 2403 Client Package distribution

You’ll see that the 2 client packages are updated:

• Navigate to Software Library \ Application Management \ Packages

• Check if the update is successful, otherwise, select both packages and initiate a Distribute Content to your distribution points

Boot Images

Boot images will automatically update during setup. See our post on upgrade consideration in a large environment to avoid this if you have multiple distribution points.

• Go to Software Library / Operating Systems / Boot Images
• Select your boot image and check the last Content Status date. It should match your setup date

SCCM 2403 Upgrade Guide – Upgrade Clients

Our preferred way to update our clients is by using the Client Upgrade feature: (You can refer to our complete post documenting this feature)

• Open the SCCM Console
• Go to Administration / Site Configuration / Sites
• Click the Hierarchy Settings in the top ribbon
• Select Client Upgrade tab
• The Upgrade client automatically when the new client update is available to the checkbox is enabled
• Review your time frame and adjust it to your needs

Reconfigure SQL Server AlwaysOn availability groups

To complete SCCM 2403 Upgrade Guide, if you use an availability group, reset the failover configuration to automatic. For more information, see SQL Server AlwaysOn for a site database.

Reconfigure any disabled maintenance tasks

If you disabled database maintenance tasks at a site before installing the update, reconfigure those tasks. Use the same settings that were in place before the update.

SCCM 2403 Upgrade Guide – Monitor SCCM Client Version Number

SCCM Reports Client Version

You can see our SCCM Client version reports to give detailed information about every client version in your environment. It’s the easiest way to track your client updates.

Collections

In conclusion, you can create a collection that targets clients without the latest client version because is very useful when it comes to monitoring a non-compliant client.

Here’s the query to achieve this: (You can also refer to our Set of Operational Collection Powershell Script which contains this collection)

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.ClientVersion != '5.00.9128.1000'

The post Step-by-Step SCCM 2403 Upgrade Guide appeared first on System Center Dudes.

The Intune Connector for Active Directory, also known as Offline Domain Join (ODJ), is a critical component for integrating Microsoft Intune with on-premises Active Directory (AD).

It facilitates communication between an organization’s on-premises AD and Intune, enabling the Hybrid Azure AD Join process. This ensures devices are joined to both the on-premises domain and Azure AD, especially during the Windows Autopilot process.

Key Uses of the Intune Connector for Active Directory

1. Hybrid Azure AD Join:

• The Intune Connector allows devices joined to an on-premises Active Directory (AD) to be automatically registered with Azure Active Directory (Azure AD). This process is called Hybrid Azure AD Join.
• Hybrid Azure AD Join is especially useful for organizations an on-premises AD and want to extend their environment to Azure AD for cloud-based management through Microsoft Intune.

2. Offline Domain Join (ODJ):

• The connector supports Offline Domain Join (ODJ), allowing devices to join the corporate network even when not directly connected to the on-premises domain at the time of provisioning.
• This feature is ideal for remote workers, as it allows devices to be pre-configured and joined to the domain without needing to be on the corporate network initially.

Important Change: Moving from System Account to Managed Service Account (MSA)

Microsoft has recently announced a significant update to the Intune Connector for Active Directory. Previously, the connector used a system account for integration, but now it will transition to using a Managed Service Account (MSA). This change enhances security and management capabilities, providing more granular control over service account permissions.

In this blog post, we’ll walk you through updating your Intune Connector for Active Directory from using a system account to a Managed Service Account (MSA).

Steps for Updating the Intune Connector for Active Directory – Intune Connector MSA Account

Before you start, ensure you have completed the prerequisites and backed up your environment if necessary.

High-Level Steps:

1. Validate your existing Intune Connector is active.
2. Prerequisites
3. Uninstall the old Intune Connector.
4. Install the new connector.
5. Configure the Intune Connector and validate the MSA account.
6. Update the XML configuration file.
7. Final validation

1. Validate Your Existing Intune Connector is Active

Before starting the update process, confirm that the current Intune Connector is active and functioning properly.

• Log into the Intune Admin Console and check the status of the Intune Connector for Active Directory.
• Go to Devices → Windows → Windows enrollment → Intune Connector for Active Directory.

• Confirm that the connector version is up-to-date and working properly (e.g., Version 6.2304.38.4).

2. Prerequisites

To successfully configure the Intune Connector with an MSA, you need the following permissions:

• Required:
  • Create msDs-ManagedServiceAccount objects in the Managed Service Accounts container in Active Directory.
  • The account used for configuring the Intune connector must be assigned the Intune Administrator role in Entra ID.
  • Local administrator rights on the server where the Intune connector is installed.
• Optional (depending on your environment):
  • Modify permissions in Organizational Units (OUs) within Active Directory. If the account used to install the Intune Connector lacks this permission, additional configuration by an AD administrator will be required.

If the Intune Connector is installed on a Domain Member Server, ensure that the account used for installation has permission to create computer objects in the appropriate OUs.

The whole process makes alot easier if you use domain admin account to install and configure the setup otherwise you will need to work with AD/directory services team to grant necessary permissions. (This is one-time setup).

I have listed the steps to grant permissions if not using domain admin account to install/configure the Intune connector.

• In Active Directory, use the tool ADSIEDIT.msc to assign the msDs-ManagedServiceAccount permissions to the account.
  • Launch ADSIEDIT.msc, navigate to CN=Managed Service Accounts, and right-click on the container.

• Select Properties, go to the Security tab, and click on Advanced.

• Add the account and enable permissions for Create msDs-ManagedServiceAccount.

• Choose type “Allow”, applies to “This object only” and Enable “Create msDs-ManagedServiceAccount” while leaving the default read permissions (if you require, you can uncheck the read permissions that exist and select only “Create msDs-ManagedServiceAccount”.

3. Uninstall the Old Intune Connector

To begin the update process, you must first uninstall the existing Intune Connector:

• Download the Legacy Intune Connector uninstaller from Microsoft Download Center.
• Run the setup to remove the old connector from the system. The process is straightforward. Launch the connector and click Install.
• This step will validate if the Intune connector for AD installed, it proceed to uninstall.

• After the uninstallation is complete, confirm that the old connector is no longer present by checking Programs and Features or the Start Menu.

4. Install the New Intune Connector with MSA account

After removing the old connector, download and install the new Intune Connector for Active Directory that supports MSA.

• Download the latest ODJConnectorBootstrapper.exe from Microsoft’s official site or go to intune portal, windows, enrollment, intune connector for Active Directory, Click on Add and download

• Run the installer and follow the prompts to complete the installation.

• Once the installation is complete, click Configure Now.

• Sign in with an account that has Intune Admin role.

Verify Intune Connector for Active Directory is active in Intune console:

Go to Intune console and verify the newly installed Intune connector for AD status

• Old Connector Version: 6.2304.38.4
• New Connector Version: 6.2501.2000.5

5. Configure the Intune Connector and Validate the MSA Account

Inactive Intune Connectors for Active Directory still appear in the Intune Connector for Active Directory page and will automatically be cleaned up after 30 days.

Now that the new Intune Connector is installed, ready to configure it to use MSA account:

• Open the Intune Connector for Active Directory and click on Configure Managed Service Account.

• If the account has the necessary permissions, it will create an MSA and assign it to the connector service.

• Go to Services.msc and verify that the Intune Connector service is now running under the new MSA (not the system account).

• Use ADSIEDIT.msc to check that the MSA account has been successfully created under the Managed Service Accounts container in Active Directory.

6. Update the XML Configuration File

Finally, update the XML configuration file to ensure the MSA account can create computer objects in the specified Organizational Units (OUs).

• Open the ODJConnectorEnrollmentWizard.exe.config file located at C:\Program Files\Microsoft Intune\ODJConnector\ODJConnectorEnrollmentWizard.
• In the file, locate the section with the key OrganizationalUnitsUsedForOfflineDomainJoin and add the Distinguished Names (DNs) for the OUs you want the MSA to have access to.
• In my case, i have the following 2 OU’s that i would like to add
• OU=Asia,OU=Physical,OU=MDM Managed computers,OU=Workstations,OU=Computers,OU=SG,DC=intranet,DC=eskonr
  

  OU=Europe,OU=Physical,OU=MDM Managed computers,OU=Workstations,OU=Computers,OU=SG,DC=intranet,DC=eskonr

  
  
• Since my OU contains the spaces, i will need to focus on DISTINGUISHED NAME IS ESCAPED PROPERLY.
  
  
  
• To properly escape the Distinguished Names (DN) in your XML, you need to replace the spaces in the Organizational Unit (OU) names with the escape sequence \20. The \20 represents a space character in the Distinguished Name format.
  

  MDM Managed computers becomes MDM\20Managed\20computers where each space is replaced by \20.Here’s how the updated XML would look with spaces correctly escaped:

• <add key=”OrganizationalUnitsUsedForOfflineDomainJoin” value=”OU=Asia,OU=Physical,OU=MDM\20Managed\20computers,OU=Workstations,OU=Computers,OU=SG,DC=intranet,DC=eskonr;OU=Europe,OU=Physical,OU=MDM\20Managed\20computers,OU=Workstations,OU=Computers,OU=SG,DC=intranet,DC=eskonr” />

• Save the configuration file.

7. Final validation

• After configuring the XML file, launch the Intune Connector again and click Configure Managed Service Account.

• This will update the permissions for the MSA account in Active Directory.

• Go back to Active Directory Users and Computers and verify that the MSA account now has the required permissions to create computer objects in the specified OUs.

Conclusion

By following these steps, we have successfully updated the Intune Connector for Active Directory to use a Managed Service Account (MSA) instead of a system account. This change not only enhances security but also allows for more granular control over service account permissions. This process ensures smoother integration between Microsoft Intune and on-premises Active Directory for hybrid environments.

References

• Windows Autopilot user-driven Microsoft Entra hybrid join – Step 2 of 10 – Install the Intune Connector
• Microsoft Intune Connector for Active Directory security update | Microsoft Community Hub

The post How to Update the Intune Connector for Active Directory from System Account to MSA Account appeared first on System Center Dudes.