Installing client via gpo vs client push?

Similar Messages

• Installing Chrome via GPO

  Hi! I've been working on trying to install Chrome to all Domain Computers via GPO by following this link and cannot figure out what I've been doing wrong but it's not installing on any machine. Can someone tell me if something is missing from these instructions?
  http://www.techrepublic.com/blog/google-in-the-enterprise/install-chrome-via-gpo-and-save-yourself-some-time/

  Hi Lynnette74,
  Based on my understanding, you would like to deploy Chrome to all Domain Computers via GPO. Right?
  It would help us to narrow down the cause of this issue if you could provide the following information:
  Did this issue occur in one computer or several computers? This step is to check the cause of this issue is the process of deployment or the installation.
  Do this issue still occur when you manually install this software in this computer? This step is to check if the installation package cause this issue. If you can manually install
  this software successfully, then the deployed installation package may be broken during the deployment. If not, the cause may be the computer or the software, such as compatibility, account permission and so on.
  In addition, you can follow the steps below to check if the GPO is applied to these clients:
  Click
  Start, type rsop.msc in the search box to access
  Resultant set of policy.
  Check if the GPO is applied to these clients and the setting of the GPO is correct.
  For your information, please refer to the following article to learn more about the software deploment via GPO:
  http://support.microsoft.com/kb/816102/en-us
  Regards,
  Lany Zhang

• Can I install Reader via GPO

  Hello,
  I've got an organisation (about 100 PC's/Laptop) that has multiple versions of the Reader software, going back to 8.1.0.  I'd like to get everybody up to the same version, but the quantity (and geographic locations) of machines means that's all I'd do.  I've recently started using GPO to install some software, so my questions are:
  Is it possible to install Reader via GPO.
  If it is possible do the users need administrative privileges to the machine or can the they be normal users?
  Thanks in advance
  Tony

  See this document for some information on Adobe Reader deployment: http://www.adobe.com/content/dam/Adobe/en/devnet/reader/pdfs/deploying_reader9.pdf (sorry, I don't know if there is a new document specific for Adobe Reader X).
  Also, you can download MSI installers
  9.4: http://ardownload.adobe.com/pub/adobe/reader/win/9.x/9.4.0/en_US/AdbeRdr940_en_US.msi
  10.0: http://ardownload.adobe.com/pub/adobe/reader/win/10.x/10.0.0/en_US/AdbeRdr1000_en_US.msi

• Unable to install Client push in SCCM 2012no

  ======>Begin Processing request: "2097152158", machine name: "GEEWIZB11-10"
  SMS_CLIENT_CONFIG_MANAGER 1/21/2015 5:54:43 PM
  7924 (0x1EF4)
  Execute query exec [sp_IsMPAvailable] N'ACM'
  SMS_CLIENT_CONFIG_MANAGER 1/21/2015 5:54:43 PM
  7924 (0x1EF4)
  ---> Trying the 'best-shot' account which worked for previous CCRs (index = 0x0)
  SMS_CLIENT_CONFIG_MANAGER 1/21/2015 5:54:43 PM
  7924 (0x1EF4)
  ---> Attempting to connect to administrative share '\\GEEWIZB11-10\admin$' using account 'AVASOFTBIZ\sccmadmin'
  SMS_CLIENT_CONFIG_MANAGER 1/21/2015 5:54:43 PM
  7924 (0x1EF4)
  ---> The 'best-shot' account has now succeeded 5 times and failed 0 times.
  SMS_CLIENT_CONFIG_MANAGER 1/21/2015 5:54:43 PM
  7924 (0x1EF4)
  ---> Connected to administrative share on machine GEEWIZB11-10 using account 'AVASOFTBIZ\sccmadmin'
  SMS_CLIENT_CONFIG_MANAGER 1/21/2015 5:54:43 PM
  7924 (0x1EF4)
  ---> Attempting to make IPC connection to share <\\GEEWIZB11-10\IPC$>
  SMS_CLIENT_CONFIG_MANAGER 1/21/2015 5:54:43 PM
  7924 (0x1EF4)
  ---> Searching for SMSClientInstall.* under '\\GEEWIZB11-10\admin$\'
  SMS_CLIENT_CONFIG_MANAGER 1/21/2015 5:54:43 PM
  7924 (0x1EF4)
  ---> Unable to get Win32_OperatingSystem object from WMI on remote machine "GEEWIZB11-10", error = 0x80070005.
  SMS_CLIENT_CONFIG_MANAGER 1/21/2015 5:54:43 PM
  7924 (0x1EF4)
  ---> Deleting SMS Client Install Lock File '\\GEEWIZB11-10\admin$\SMSClientInstall.ACM'
  SMS_CLIENT_CONFIG_MANAGER 1/21/2015 5:54:43 PM
  7924 (0x1EF4)
  Execute query exec [sp_CP_SetLastErrorCode] 2097152158, -2147024891
  SMS_CLIENT_CONFIG_MANAGER 1/21/2015 5:54:43 PM
  7924 (0x1EF4)
  Stored request "2097152158", machine name "GEEWIZB11-10", in queue "Retry".
  SMS_CLIENT_CONFIG_MANAGER 1/21/2015 5:54:43 PM
  7924 (0x1EF4)
  Execute query exec [sp_CP_SetPushRequestMachineStatus] 2097152158, 2
  SMS_CLIENT_CONFIG_MANAGER 1/21/2015 5:54:43 PM
  7924 (0x1EF4)
  Execute query exec [sp_CP_SetLatest] 2097152158, N'01/21/2015 12:24:43', 170
  SMS_CLIENT_CONFIG_MANAGER 1/21/2015 5:54:43 PM
  7924 (0x1EF4)
  <======End request: "2097152158", machine name: "GEEWIZB11-10".
  SMS_CLIENT_CONFIG_MANAGER 1/21/2015 5:54:44 PM
  7924 (0x1EF4)

  "Unable to get Win32_OperatingSystem object from WMI on remote machine "GEEWIZB11-10", error = 0x80070005."
  The client push account is being denied access to query this class in WMI on the target system. This is not normal behavior -- typically, accounts that have permissions to access a target system via the admin shares have permissions to correctly access WMI.
  Thus, there is something different about this target system as far as permissions go. Perhaps the system is locked down in some non-standard way or the AV product on it is interfering. There's no way to known exactly why for sure from the server side. You
  will have to troubleshoot on the client itself.
  Jason | http://blog.configmgrftw.com | @jasonsandys

• Cannot install Flash via GPO

  I tried publish MSI install package via the GPO on MS WIndows 2003 Server, but when I start installation on workstation, installation still require administrator rights!?

  You have Shockwave Flash 10.1 r82 installed already.

• Installing printers via GPO

  Hi guys,
  I'm trying to deploy a printer using a GPO and I wonder what's the difference between deploying "USER|Computer\Policies\Windows Settings\Printer connections" and "USER|Computer\Preferences\Control Panel Settings\Printers"
  By the way, my colleague isn't able to see "USER|Computer\Policies\Windows Settings\Printer connections", any idea why?
  Lastly, this printers are installed and listed on another AD domain and forest. Everything is properly set up so my users can access that other domain and its resources, and I can manually go to \\printserver and connect to these printers. This server is
  running 2003 and the client workstations are windows 7. Anything I should bear in mind? I'm planning to migrate this printers to a new shiny win 2015 but that's not my priority right now.
  Thanks a lot

  The spooler team designed USER|Computer\Policies\Windows Settings\Printer connections"
  The only way to delete the connect is through policy; Can't set default.  Used only for connections.
  USER|Computer\Preferences\Control Panel Settings\Printers"
  Purchased from another company; can set default; can add local printers but have to specify a shared printer to get a driver.
  When using Group Policy Object editor to add the connection to a policy, the Print Server role tools must be installed on the machine.  One can install the tools without adding the role.  dism /online /enable-feature /featurename:Printing-admintools-collection
  Make sure you configure the Computer\Admin templates\printers\Point and print restrictions policy when creating connections to 2003, none of the drivers contain a digital signature so the Window  machines will throw UI asking if the print server is
  trusted.
  Alan Morris formerly with Windows Printing Team

• Installing Forticlient via GPO

  what Event ID is it throwing at you?

  Mathieu Cohen wrote:
  well that doesn`t really help... Can you manually install it on the laptops using users credentials?
  That was my next question. It might be permission related? Or just an error in the installation process from a corrupted file. If that is the issue a manual install like Mathieu suggested would do the trick.

• Indesign CS6 won't install on Windows 7 64bit via GPO

  Good afternoon,
  I created a installation of Indesign CS6 with application manager enterprise 3 to deploy to computers via the active directory.
  It installs correctly without issue to Windows XP x86 machines however won't install to Windows 7 x64 machines.
  When the computers starts it trys to install but fails and proceeds to the login screen.  The following information is left in the Windows event log.
  Has anyone else had this problem and more importantly know how to solve it?
  Log Name:      System
  Source:        Microsoft-Windows-GroupPolicy
  Date:          13/08/2013 9:44:23 AM
  Event ID:      1085
  Task Category: None
  Level:         Warning
  Keywords:     
  User:          SYSTEM
  Computer:      WIN7TEST
  Description:
  Windows failed to apply the Software Installation settings. Software Installation settings might have its own log file. Please click on the "More information" link.
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
      <EventID>1085</EventID>
      <Version>0</Version>
      <Level>3</Level>
      <Task>0</Task>
      <Opcode>1</Opcode>
      <Keywords>0x8000000000000000</Keywords>
      <TimeCreated SystemTime="2013-08-12T23:44:23.375831000Z" />
      <EventRecordID>9482</EventRecordID>
      <Correlation ActivityID="{B74A3709-81F6-4B73-AA1F-9B610874B7EA}" />
      <Execution ProcessID="384" ThreadID="1324" />
      <Channel>System</Channel>
      <Computer>WIN7TEST</Computer>
      <Security UserID="S-1-5-18" />
    </System>
    <EventData>
      <Data Name="SupportInfo1">1</Data>
      <Data Name="SupportInfo2">3961</Data>
      <Data Name="ProcessingMode">1</Data>
      <Data Name="ProcessingTimeInMilliseconds">41590</Data>
      <Data Name="ErrorCode">1603</Data>
      <Data Name="ErrorDescription">Fatal error during installation. </Data>
      <Data Name="DCName">\\AYR.burdekin.qld.gov.au</Data>
      <Data Name="ExtensionName">Software Installation</Data>
      <Data Name="ExtensionId">{c6dc5466-785a-11d2-84d0-00c04fb169f7}</Data>
    </EventData>
  </Event>
  Log Name:      System
  Source:        Application Management Group Policy
  Date:          13/08/2013 9:44:23 AM
  Event ID:      108
  Task Category: None
  Level:         Error
  Keywords:      Classic
  User:          SYSTEM
  Computer:      WIN7TEST
  Description:
  Failed to apply changes to software installation settings.  Software changes could not be applied.  A previous log entry with details should exist.  The error was : %%1603
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Application Management Group Policy" />
      <EventID Qualifiers="0">108</EventID>
      <Level>2</Level>
      <Task>0</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2013-08-12T23:44:23.000000000Z" />
      <EventRecordID>9481</EventRecordID>
      <Channel>System</Channel>
      <Computer>WIN7TEST</Computer>
      <Security UserID="S-1-5-18" />
    </System>
    <EventData>
      <Data>Software changes could not be applied.  A previous log entry with details should exist.</Data>
      <Data>1603</Data>
    </EventData>
  </Event>
  Log Name:      System
  Source:        Application Management Group Policy
  Date:          13/08/2013 9:44:23 AM
  Event ID:      102
  Task Category: None
  Level:         Error
  Keywords:      Classic
  User:          SYSTEM
  Computer:      WIN7TEST
  Description:
  The install of application Adobe InDesign CS6 from policy Global-Application-Adobe InDesign failed.  The error was : %%1603
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Application Management Group Policy" />
      <EventID Qualifiers="0">102</EventID>
      <Level>2</Level>
      <Task>0</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2013-08-12T23:44:23.000000000Z" />
      <EventRecordID>9479</EventRecordID>
      <Channel>System</Channel>
      <Computer>WIN7TEST</Computer>
      <Security UserID="S-1-5-18" />
    </System>
    <EventData>
      <Data>Adobe InDesign CS6</Data>
      <Data>Global-Application-Adobe InDesign</Data>
      <Data>1603</Data>
    </EventData>
  </Event>

  Hi Abhijit,
  I am able to install InDesign CS6 manually on the machines from the CD/DVD however when trying to install it via GPO or running the msi using the msi exec commands it doesn't install and leaves the above errors in the event log.
  The installation was made using the same CD/DVD and the installation works on the Windows XP clients and software other than InDesign CS6 will install to the Win 7 64-bit machines via GPO.
  Cheers,

• Deploy reader updates and install/uninstall reader via GPO ???

  Hello,
  Got a couple of questions on install/uninstall via GPO and how to deploy reader updates.
  1) How to uninstall older version of readers via GPO?
  2) Is there an ADM file available for installing the latest reader via GPO?
  3) For reader patch updates, can it be deployed via GPO?  If yes, any docs. I can refer to?  If no, what is the minimum priviledge I must grant to domain users to allow them to run the update function w/in the reader (or assign to a specific file path)?
  Thanks in advance!
  Luke

  You may find most of the information you need in http://www.adobe.com/devnet/acrobat/pdfs/deploying_reader9.pdf
  Let us know if anything is missing.

• SCCM Client Push Installation Wizard does not install the client. CCMSetup folder - not created

  Hello,
  I have tried running the Client Push wizard for a single computer or a pilot collection of 8 computers, the result is always
  the same - no SCCM client is installed on any computer.
  The computers are running 32-bit Windows XP SP2.
  The Windows firewall is disabled.
  The client push installation account is setup and have domain admin and local admin privileges. Client Push automatic method
  is not enabled.
  The domain is AD WIndows 2000.
  The SCCM server is running Windows 2003 R2 SP2 64bit Standard.
  The AD schema has been extended.
  MP, and SLP are installed and published. (MP is published in DNS as well.)
  FSP is installed.
  MP, SLP and FSP are running on the same server.
  SQL 2005 server is running locally.
  System management container is created and all rights and permissions delegated.
  With the Push installation account I can access C$ share on the client computer from the SCCM server.
  RPC, Remote registry, WMI services are running on the client machines.
  All prerequisites are installed from the client folder on SCCM server- latest BITS 2.5, Windows installer 3.1 and MSXML6.
  All computers are in the same IP subnet which is listed in the boundaries.
  Yet, the client is not being installed.
  No CCMSetup folder is created on the client machines in Windows\System32 folder, so it is really difficult to troubleshoot
  what the is the issue. I do not see anything helpful in the ccm.log on the server.
  I have tried running the CCMSetup.exe manually on one of the workstations and that was successful and reported back to the
  SCCM server / console.
  What else I should check / try? I really want to push agents via the wizard.
  Thank you,
  Peter

  Hi Wally,
  I have changed 2 things:
  1. Enabed automatic push installation (so I am not usign the wizard any more)
  2. Changed the IP subnet to IP ranges in the site boundairies.
  After runnignt the discovery, I was able to see some activities in the ccm.log. A ccmsetup folder is now created but the agent is still not instaleld. Here is the ccmsetup.log
  ==================================
  <![LOG[==========[ ccmsetup started in process 3140 ]==========]LOG]!><time="09:45:07.045+240" date="12-06-2007" component="ccmsetup" context="" type="1" thread="3108" file="ccmsetup.cpp:8853">
  <![LOG[Version: 4.0.5931.0000]LOG]!><time="09:45:07.045+240" date="12-06-2007" component="ccmsetup" context="" type="1" thread="3108" file="ccmsetup.cpp:1913">
  <![LOG[Command line parameters for ccmsetup have been specified.  No registry lookup for command line parameters is required.]LOG]!><time="09:45:07.045+240" date="12-06-2007" component="ccmsetup" context="" type="1" thread="3108" file="ccmsetup.cpp:3937">
  <![LOG[Command line: "C:\WINDOWS\system32\ccmsetup\ccmsetup.exe" /runservice /config:MobileClient.tcf]LOG]!><time="09:45:07.045+240" date="12-06-2007" component="ccmsetup" context="" type="1" thread="3108" file="ccmsetup.cpp:3946">
  <![LOG[CCMHTTPPORT:    80]LOG]!><time="09:45:07.045+240" date="12-06-2007" component="ccmsetup" context="" type="1" thread="3108" file="ccmsetup.cpp:7851">
  <![LOG[CCMHTTPSPORT:    443]LOG]!><time="09:45:07.045+240" date="12-06-2007" component="ccmsetup" context="" type="1" thread="3108" file="ccmsetup.cpp:7866">
  <![LOG[CCMHTTPSSTATE:    0]LOG]!><time="09:45:07.045+240" date="12-06-2007" component="ccmsetup" context="" type="1" thread="3108" file="ccmsetup.cpp:7884">
  <![LOG[CCMHTTPSCERTNAME:    ]LOG]!><time="09:45:07.045+240" date="12-06-2007" component="ccmsetup" context="" type="1" thread="3108" file="ccmsetup.cpp:7912">
  <![LOG[FSP:    HFXDBSSOM.CORP.EASTLINK.CA]LOG]!><time="09:45:07.045+240" date="12-06-2007" component="ccmsetup" context="" type="1" thread="3108" file="ccmsetup.cpp:7927">
  <![LOG[CCMFIRSTCERT:    0]LOG]!><time="09:45:07.061+240" date="12-06-2007" component="ccmsetup" context="" type="1" thread="3108" file="ccmsetup.cpp:7969">
  <![LOG[Config file:      C:\WINDOWS\system32\ccmsetup\MobileClient.tcf]LOG]!><time="09:45:07.061+240" date="12-06-2007" component="ccmsetup" context="" type="1" thread="3108" file="ccmsetup.cpp:4341">
  <![LOG[Retry time:       10 minute(s)]LOG]!><time="09:45:07.061+240" date="12-06-2007" component="ccmsetup" context="" type="1" thread="3108" file="ccmsetup.cpp:4342">
  <![LOG[MSI log file:     ]LOG]!><time="09:45:07.061+240" date="12-06-2007" component="ccmsetup" context="" type="1" thread="3108" file="ccmsetup.cpp:4343">
  <![LOG[MSI properties:    INSTALL="ALL" SMSSITECODE="PHX" CCMHTTPPORT="80" CCMHTTPSPORT="443" CCMHTTPSSTATE="0" FSP="HFXDBSSOM.CORP.EASTLINK.CA" CCMFIRSTCERT="0"]LOG]!><time="09:45:07.061+240" date="12-06-2007" component="ccmsetup" context="" type="1" thread="3108" file="ccmsetup.cpp:4344">
  <![LOG[Source List:]LOG]!><time="09:45:07.061+240" date="12-06-2007" component="ccmsetup" context="" type="1" thread="3108" file="ccmsetup.cpp:4352">
  <![LOG[                  \\HFXDBSSOM.corp.eastlink.ca\SMSClient]LOG]!><time="09:45:07.061+240" date="12-06-2007" component="ccmsetup" context="" type="1" thread="3108" file="ccmsetup.cpp:4359">
  <![LOG[                  \\HFXDBSSOM\SMSClient]LOG]!><time="09:45:07.061+240" date="12-06-2007" component="ccmsetup" context="" type="1" thread="3108" file="ccmsetup.cpp:4368">
  <![LOG[MPs:]LOG]!><time="09:45:07.061+240" date="12-06-2007" component="ccmsetup" context="" type="1" thread="3108" file="ccmsetup.cpp:4371">
  <![LOG[                  HFXDBSSOM.corp.eastlink.ca]LOG]!><time="09:45:07.061+240" date="12-06-2007" component="ccmsetup" context="" type="1" thread="3108" file="ccmsetup.cpp:4386">
  <![LOG[Updated security on object C:\WINDOWS\system32\ccmsetup\.]LOG]!><time="09:45:07.076+240" date="12-06-2007" component="ccmsetup" context="" type="0" thread="3108" file="ccmsetup.cpp:8692">
  <![LOG[Sending Fallback Status Point message, STATEID='100'.]LOG]!><time="09:45:07.076+240" date="12-06-2007" component="ccmsetup" context="" type="1" thread="3108" file="ccmsetup.cpp:9169">
  <![LOG[State message with TopicType 800 and TopicId {A450B407-619B-4777-B77E-C3352753B58A} has been sent to the FSP]LOG]!><time="09:45:07.326+240" date="12-06-2007" component="FSPStateMessage" context="" type="1" thread="3108" file="fsputillib.cpp:730">
  <![LOG[Running as user "SYSTEM"]LOG]!><time="09:45:07.326+240" date="12-06-2007" component="ccmsetup" context="" type="1" thread="2600" file="ccmsetup.cpp:2534">
  <![LOG[Detected 24292 MB free disk space on system drive.]LOG]!><time="09:45:07.326+240" date="12-06-2007" component="ccmsetup" context="" type="1" thread="2600" file="ccmsetup.cpp:465">
  <![LOG[DetectWindowsEmbeddedFBWF() Detecting OS Version]LOG]!><time="09:45:07.342+240" date="12-06-2007" component="ccmsetup" context="" type="1" thread="2600" file="ccmsetup.cpp:511">
  <![LOG[Client OS is not Windows XP Embedded]LOG]!><time="09:45:07.342+240" date="12-06-2007" component="ccmsetup" context="" type="1" thread="2600" file="ccmsetup.cpp:548">
  <![LOG[Successfully ran BITS check.]LOG]!><time="09:45:08.745+240" date="12-06-2007" component="ccmsetup" context="" type="1" thread="2600" file="ccmsetup.cpp:6948">
  <![LOG[Failed to successfully complete HTTP request. (StatusCode at WinHttpQueryHeaders: 401)]LOG]!><time="09:45:08.745+240" date="12-06-2007" component="ccmsetup" context="" type="3" thread="2600" file="ccmsetup.cpp:5813">
  <![LOG[Sending Fallback Status Point message, STATEID='308'.]LOG]!><time="09:45:08.760+240" date="12-06-2007" component="ccmsetup" context="" type="1" thread="2600" file="ccmsetup.cpp:9169">
  <![LOG[State message with TopicType 800 and TopicId {3BFABF82-FB74-43FB-8A4A-6DFDEAEAC25C} has been sent to the FSP]LOG]!><time="09:45:08.776+240" date="12-06-2007" component="FSPStateMessage" context="" type="1" thread="2600" file="fsputillib.cpp:730">
  ==============================================================
  There are two red errors I am concerned about:
  "Failed to successfully complete HTTP request. (StatusCode at WinHttpQueryHeaders: 401)
  and
  "Failed to download 'WindwosXP-KB923845-x86-ENU.exe' from http://HFXDBSSOM.corp.eastlink.ca/CCM_Client/i386/BITS25 with error code 0x80004005).
  What should I do to resolve these errors?
  Thanks,
  Peter

• Client Migration from SCCM 2007 to SCCM 2012 via GPO

  what
  installation properties i can use to migrate client from sccm 2007 to sccm 2012 via gpo?
  Thanks!!
  Atenciosamente Julio Araujo

  It all depends on your needs, I suggest that you look at this first :
  All properties can be set by using GPO, it's not different from push.
  http://technet.microsoft.com/en-us/library/bb632469.aspx
  http://technet.microsoft.com/en-us/library/bb633010.aspx
  http://social.technet.microsoft.com/wiki/contents/articles/25118.deploying-sccm-2012-r2-clients-using-group-policy.aspx
  Benoit Lecours | Blog: System Center Dudes

• Client side firewall via GPO question

  I am in the process of testing a new client side firewall that will be enforced via GPO, domain, public and private. So here is my question, I would like to remove all firewall rules that have been added locally. I have set firewall merging to "No"
  to not allow local firewall config. So on my test machine, the firewall GPO is in effect, it is enforcing the rules i have configured so far, however, it does not remove the rules that were present prior to testing.
  Here is a piece of an article i found while researching;
  **Another question related to this is about how to prevent the local users from being able to create rules. While you can’t prevent the users from creating a rule you can prevent the rules created by users from being applied (BTW the rule will still be displayed
  in the GUI) by using the “Apply local Firewall Rules” setting. Again a user cannot create a rule to override a block rule from group policy.
  In the interest of full disclosure a user could potentially override the “Apply local Firewall Rules” setting as documented in the MSDN article.
  technet.microsoft.com/en-us/library/cc755191(WS.10).aspx
  The logging policy can be overridden by the local policy because the merger law is set to on.**
  Reading that, it appears as though even though the local user can create a rule, example: Skype, that rule wont actually work due to the firewall being enforced by GPO and merging not allowed? Is that correct?
  Also, is there a way to completely remove all firewall rules that are not pushed from the GPO?
  Hopefully im being clear on this, but will add info with any questions you may have
  Server 08 r2 , windows 7 clients
  Thanks in advance

  Hi -
  This forum is dedicated to Rights Management Services, which cannot help you with your current issue.  I suggest reposting your question in the Windows Server forum:
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/home?category=windowsserver
  Thanks!
  Micah LaNasa
  Synergy Advisors
  synergyadvisors.biz

• Best practise for installing patches for SCCM Client 2012 (Both x86 and x64)) - OSD and Client Push Installation

  Hi All,
  What is best practice for automatic installing of SCCM 2012 client Patches
  (using Patch switch) during installation of SCCM 2012 clients? The challenge is that now there are two versions of clients and updates (x86 and x64).
  I need information for:
  OSD
  Client Push Installation
  Thank you in advance.
  Regards,

  Not everything that can be or is supported or not supported is documented (or ever can be):
  http://technet.microsoft.com/en-us/magazine/jj643252.aspx
  Your expectation here needs to be adjusted. No one recommended contacting support. William just mentioned that *if* you have an issue and needed to contact support, they may decline to help you because you've done something explicitly unsupported.
  For clientpatch, here's the specific documentation noting it as unsupported:
  http://blogs.technet.com/b/configmgrteam/archive/2009/04/08/automatically-applying-hotfixes-to-the-configuration-manager-2007-client-during-installation.aspx
  Additionally, I've also been in contact with the sustained engineering folks responsible for the CUs and they've reinforced the statement.
  What can happen? Who knows? Microsoft does not test against unsupported configurations and features -- that's the definition of unsupported. It's not tested so no one really knows. They did find a couple of explicit issues (outlined in that post above) so
  know that at least those exist and probably more since it is, as mentioned, abandoned code.
  Why does it matter what can happen though? If the folks who write and support the code tell you shouldn't do it, you are simply asking for problems by doing it. Ultimately, you're asking a question that has no defined answer (except "bad"/unsupported things)
  that really doesn't matter if you follow the explicit guidance. If you don't, as William points out, that's a risk for you take and an answer for you to discover.
  Jason | http://blog.configmgrftw.com

• Client push deployment and CU / hotfix install

  I'm trying to figure out a way to do a push install of the 2012 client, CU update, and hotfixes all in one go.  I know using the ClientPatch folder method is not supported, but I'm wondering if another way would work.
  1) When you do a client push install from the console, does it use BITS?
  2) Does it directly use the files in Program Files\Microsoft Configuration Manager\Client on the site server, or the SCCM client package?
  3) Could you create a Hotfixes folder under the Client folder, put the CU / hotfixes in there, then use the PATCHES property to point to C:\Windows\ccmsetup\hotfixes\%PROCESSOR_ARCHITECHTURE%\hotfixname.msp?
  I know you can use SCUP or packages to do the updates, but it would be much easier to do it all at once.  Hence the reason why so many people still use the ClientPatch folder, I guess.  I really wish they'd make that a supported option.

  1. No, the initial push portion is a straight SMB copy to the target client. However, that only copies a bootstrapper, ccmsetup, which in turn kicks off on the client to download the rest of the necessary files. The download by ccmsetup does use BITS though.
  2. ccmsetup downloads the necessary files from the package on the proper distribution point (although it will fallback to the MP where it would be ultimately pulling from the client folder location.
  3. Yes, you could create the folder but that would not cause it to be copied to target client. The files it downloads are a fixed list.
  The most you could do is add it to the client push properties but that is problematic because the patches are architecture specific. Thus, there really is no good way to do this using client push.
  A client startup script however offers many advantages including being able to do this.
  Jason | http://blog.configmgrftw.com | @jasonsandys

• Client not installing completing via OSD Task Sequence - Standalone Media

  Dear All,
  Facing this issue that i have made Standalone media for OS Deployment but after installing OS, SCCM Client doesn't install completely but when try to install from network with same Task Sequence Client installed successfully.
  One more thing while installing from media, machine is connected on LAN.
  For Further Reference Snapshots are attached.
  As in log its stat that installation was processed but there was no ccmsetup.exe in process neither its installed correctly
  ======>Begin Processing request: "2097152793", machine name: "WIN7VERIFY"
  SMS_CLIENT_CONFIG_MANAGER 11/10/2014 3:52:21 PM
  10472 (0x28E8)
  Execute query exec [sp_IsMPAvailable] N'KHI'
  SMS_CLIENT_CONFIG_MANAGER 11/10/2014 3:52:21 PM
  10472 (0x28E8)
  ---> Trying each entry in the SMS Client Remote Installation account list
  SMS_CLIENT_CONFIG_MANAGER 11/10/2014 3:52:21 PM
  10472 (0x28E8)
  ---> Attempting to connect to administrative share '\\WIN7VERIFY\admin$' using account ''
  SMS_CLIENT_CONFIG_MANAGER 11/10/2014 3:52:21 PM
  10472 (0x28E8)
  ---> Connected to administrative share on machine WIN7VERIFY using account 'uead\'
  SMS_CLIENT_CONFIG_MANAGER 11/10/2014 3:52:21 PM
  10472 (0x28E8)
  ---> Attempting to make IPC connection to share <\\WIN7VERIFY\IPC$>
  SMS_CLIENT_CONFIG_MANAGER 11/10/2014 3:52:21 PM
  10472 (0x28E8)
  ---> Searching for SMSClientInstall.* under '\\WIN7VERIFY\admin$\'
  SMS_CLIENT_CONFIG_MANAGER 11/10/2014 3:52:21 PM
  10472 (0x28E8)
  ---> System OS version string "6.1.7601" converted to 6.10
  SMS_CLIENT_CONFIG_MANAGER 11/10/2014 3:52:22 PM
  10472 (0x28E8)
  ---> Mobile client on the target machine has the same version, and 'forced' flag is not turned on. Not processing this CCR
  SMS_CLIENT_CONFIG_MANAGER 11/10/2014 3:52:22 PM
  10472 (0x28E8)
  ---> Deleting SMS Client Install Lock File '\\WIN7VERIFY\admin$\SMSClientInstall.KHI'
  SMS_CLIENT_CONFIG_MANAGER 11/10/2014 3:52:22 PM
  10472 (0x28E8)
  Execute query exec [sp_CP_SetLastErrorCode] 2097152793, 120
  SMS_CLIENT_CONFIG_MANAGER 11/10/2014 3:52:22 PM
  10472 (0x28E8)
  ---> Skipped request "2097152793", machine name "WIN7VERIFY".
  SMS_CLIENT_CONFIG_MANAGER 11/10/2014 3:52:22 PM
  10472 (0x28E8)
  Deleted request "2097152793", machine name "WIN7VERIFY"
  SMS_CLIENT_CONFIG_MANAGER 11/10/2014 3:52:22 PM
  10472 (0x28E8)
  Execute query exec [sp_CP_SetPushRequestMachineStatus] 2097152793, 3
  SMS_CLIENT_CONFIG_MANAGER 11/10/2014 3:52:22 PM
  10472 (0x28E8)
  Execute query exec [sp_CP_SetLatest] 2097152793, N'11/10/2014 10:52:22', 1
  SMS_CLIENT_CONFIG_MANAGER 11/10/2014 3:52:22 PM
  10472 (0x28E8)
  <======End request: "2097152793", machine name: "WIN7VERIFY".
  SMS_CLIENT_CONFIG_MANAGER 11/10/2014 3:52:22 PM
  10472 (0x28E8)
  REGARDS DANISH DANIE

  The attached log file is related to a client push, I'm not sure how that is related to your problem. When you're having problems with the client installation during a task sequence deployment, please check the smsts log file and, if available, the ccmsetup
  log file (these log files should be available on the client itself).
  My Blog: http://www.petervanderwoude.nl/
  Follow me on twitter: pvanderwoude