SCCM Console cannot connect to the site

Nach der Installation eines CU bei einer SCCM 2012 R2 Installation kann es vorkommen, dass die SCCM Console nicht mehr auf die Site verbinden kann.

 

Das Problem sind fehlende Registry Einträge:

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ConfigMgr10\AdminUI\QueryProcessors\WQL]

"Assembly Path"="E:\\Microsoft Configuration Manager\\AdminConsole\\bin\\AdminUI.WqlQueryEngine.dll"
"Depends On"=""
"Type"="Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlConnectionManager"

SCCM PXE Troulbeshooting Guide

SCCM PXE Troulbeshooting Guide

http://support.microsoft.com/kb/3012951

Windows Updates crashs Tasksequence

SCCM Tasksequence macht nicht weiter, wenn Windows Updates innerhalb der Tasksequence intalliert werden.

Unter folgenden Link sind alle betroffenen Windows Updates aufgelistet, welche dieses Problem verursachen:
http://support.microsoft.com/kb/2894518

Tasksequence über Powershell starten

mit nachfolgendem Powershell Script kann eine Taskequence über Command Line gestartet werden:
($ADVID entspricht dabei der DeploymentID der Tasksequence)

$ADVID = 'INF200C4'

$Advertisement = get-wmiobject -query "SELECT * FROM CCM_Softwaredistribution WHERE ADV_AdvertisementID LIKE '$($ADVID)' " -namespace "root\CCM\Policy\Machine\ActualConfig" -Computer localhost -Authentication PacketPrivacy -Impersonation Impersonate

$Advertisement.ADV_RepeatRunBehavior = "RerunAlways"

$Advertisement.ADV_MandatoryAssignments = "True"

$Advertisement.put()


  $ScheduledMessageID = (get-wmiobject -query "SELECT ScheduledMessageID FROM CCM_Scheduler_ScheduledMessage WHERE ScheduledMessageID LIKE '$($ADVID)-%' " -namespace "root\CCM\Policy\Machine\ActualConfig" -Computer localhost -Authentication PacketPrivacy -Impersonation Impersonate).ScheduledMessageID

$WMIPath = "\\localhost\root\ccm:SMS_Client"

$SMSwmi = [wmiclass] $WMIPath

[Void]$SMSwmi.TriggerSchedule($ScheduledMessageID)  
Befehl für Powershell Script Ausführung:

C:\WINDOWS\system32\windowspowershell\v1.0\powershell.exe -noprofile -noninteractive -file [Path]

 

Group Policy - UAC Levels

LEVEL 1

 

Never notify me when:

Programs try to install software or make changes to my computer.

I make changes to Windows settings.

***

Admin Approval Mode for the Built-in Administrator account = Disabled

 

Allow UIAccess applications to prompt for elevation without using the secure desktop = Disabled

 

Behavior of the elevation prompt for administrators in Admin Approval Mode = Elevate without prompting

 

Behavior of the elevation prompt for standard users = Prompt for credentials

 

Detect application installations and prompt for elevation = Enabled

 

Only elevate executables that are signed and validated = Disabled

 

Only elevate UIAccess applications that are installed in secure locations = Enabled

 

Run all administrators in Admin Approval Mode = Disabled

 

Switch to the secure desktop when prompting for elevation = Disabled

 

Virtualize file and registry write failures to per-user locations = Enabled

---------------------------------------------

LEVEL 2

 

Notify me only when programs try to make changes to my computer (do not dim my desktop)

Don't notify me when I make changes to Windows settings

***

Admin Approval Mode for the Built-in Administrator account = Disabled

 

Allow UIAccess applications to prompt for elevation without using the secure desktop = Disabled

 

Behavior of the elevation prompt for administrators in Admin Approval Mode = Prompt for consent for non-Windows binaries

 

Behavior of the elevation prompt for standard users = Prompt for credentials

 

Detect application installations and prompt for elevation = Enabled

 

Only elevate executables that are signed and validated = Disabled

 

Only elevate UIAccess applications that are installed in secure locations = Enabled

 

Run all administrators in Admin Approval Mode = Enabled

 

Switch to the secure desktop when prompting for elevation = Disabled

 

Virtualize file and registry write failures to per-user locations = Enabled

 

-------------------------------------------

LEVEL 3

Default - Notify me only when programs try to make changes to my computer.

Don't notify me when I make changes to Windows Settings

***

Admin Approval Mode for the Built-in Administrator account = Disabled

 

Allow UIAccess applications to prompt for elevation without using the secure desktop = Disabled

 

Behavior of the elevation prompt for administrators in Admin Approval Mode = Prompt for consent for non-Windows binaries

 

Behavior of the elevation prompt for standard users = Prompt for credentials

 

Detect application installations and prompt for elevation = Enabled

 

Only elevate executables that are signed and validated = Disabled

 

Only elevate UIAccess applications that are installed in secure locations = Enabled

 

Run all administrators in Admin Approval Mode = Enabled

 

Switch to the secure desktop when prompting for elevation = Enabled

 

Virtualize file and registry write failures to per-user locations = Enabled

------------------------------------------------

LEVEL 4

 

Always notify me when:

Programs try to install software or make changes to my computer

I make changes to Windows settings

***

Admin Approval Mode for the Built-in Administrator account = Disabled

 

Allow UIAccess applications to prompt for elevation without using the secure desktop = Disabled

 

Behavior of the elevation prompt for administrators in Admin Approval Mode = Prompt for consent on the secure desktop

 

Behavior of the elevation prompt for standard users = Prompt for credentials

 

Detect application installations and prompt for elevation = Enabled

 

Only elevate executables that are signed and validated = Disabled

 

Only elevate UIAccess applications that are installed in secure locations = Enabled

 

Run all administrators in Admin Approval Mode = Enabled

 

Switch to the secure desktop when prompting for elevation = Enabled

 

Virtualize file and registry write failures to per-user locations = Enabled

Windows 8.1 KMS Activation

Problem: Nach dem Windows 8.1 Staging ist nicht der Company LockScreen ersichtlich. Es muss zuerst mit einem Benutzer angemeldet werden.  
Wichtig zu wissen: der LockScreen kann erst geändert werden, wenn sich Windows erfolgreich aktiviert hat.
Auf dem Proxy (TMG) müssen für All Users folgende URL zugelassen werden:

• http://go.microsoft.com/
• https://sls.microsoft.com/
• https://sls.microsoft.com:443
• http://crl.microsoft.com/pki/crl/products/MicrosoftRootAuthority.crl
• http://crl.microsoft.com/pki/crl/products/MicrosoftProductSecureCommunications.crl
• http://www.microsoft.com/pki/crl/products/MicrosoftProductSecureCommunications.crl
• http://crl.microsoft.com/pki/crl/products/MicrosoftProductSecureServer.crl
• http://www.microsoft.com/pki/crl/products/MicrosoftProductSecureServer.crl
• https://activation.sls.microsoft.com
• https://activation-v2.sls.microsoft.com:443
• https://validation-v2.sls.microsoft.com:443

 

Details:

http://support.microsoft.com/kb/921471/en-us

Windows 8.1 WLAN Wizard prompt ausschalten

Um bei Windows 8.1 OSD (zb. mit MDT) den WLAN Wizard von Windows zu verhindern, kann im Antwort-File muss folgender Schalter gesetzt werden:

oobeSystem\amd64_Microsoft-Windows-Shell-Setup_neutral\OOBE
HideWirelessSetupInOOBE ==> True