SCCM 2012 R2 and NTFS\Share permissions auditing and inventory

Similar Messages

• Wifi profiles SCCM 2012 R2 and Windows Intune

  Hi All,
  A quick question regarding SCCM 2012 R2 and the new Wifi Profiles feature...
  Can anyone confirm if you need windows Intune combined with SCCM 2012 R2 to be able to deploy WIFI profiles to users devices i.e Windows 8.1, IOS and Android platforms?  Microsoft documentation is not clear on this subject.
  Any help would be much appreciated.
  Regards PowerShell90

  It not as straight forward as one would hope. I am running the latest version of SCCM 2012 R2 CU2 connected to my Windows Intune subscription. There are a lot of hickups. One is that the direct of management needs to be all or nothing. In other words you
  either need to use Windows Intune solely to manage your devices or SCCM 2012 R2 (via connector). If the later then you must do everything from in SCCM 2012 R2. You cannot hybrid manage your devices as this will screw things up.
  Android for some reason is left out on a lot of features. I would think that MS Devs would work hard on the market share that being Android, not iOS. Any way, accord to some official MS articles Android is supported, but others claim that not all features
  are, these being the important ones like Email and Wi-Fi Profiles. They simply do not work.
  I think MS is heading in the right direction but there is a lot of work that needs to be done before this is a competitive product. I could care less if connects to my SCCM 2012 R2 server or not. Here are few things that I sent o a MS Support Rep today that
  need to be address.
  1. Better response time when updating devices after enrollment (e.g. Name change).
  2. The ability to locked down uninstalling Windows Intune from device.<o:p></o:p>
  3. The ability to locked down certain features in the Windows Intune app on device (e.g. User can reset device with Windows Intune app, rename, etc...).<o:p></o:p>
  4. Ability to rename device in either Windows Intune Admin Portal and/or SCCM 2-12 R2.<o:p></o:p>

• Deploy Java Updates using SCCM 2012 SP1 and SCUP 2011

  What is the best way to deploy Java updates using sccm 2012 SP1 and SCUP 2011?

  I didn´t find Kent´s blog useful when talking about Java. I can deploy Adobe products fine, but I have to import Java manually because not having Shavlik certificate. So with that said, I have the fallowing problem;
  I have full offline installer unpacked, .msi file and Data1.cab. When I´m importing these binaries to SCUP, I only can point to .msi. Doing that, installation fails in client side fails because of lack of data1.cab fine, which is the main file.
  Should I use some other downloaded files of Java? I couldn´t find any Java-update-file only type of files to download.

• SCCM 2012 CLSID APPID DCOM DEFAULT PERMISSIONS

  I am trying to install SCCM 2012 onto a set of Server 2012 R2 servers. I did get SQL 2012 to install without much trouble. But there are multiple problems and I still have to WMF 4 and ADK installed before I try to install SCCM itself. Because of our environment
  this servers are hardened. The problems are: WMF won't instal because the signer of the message invalid or not found (0x80096002), MS patches won't install because the "revocation process could not continue - the certificate(s)could not be checked) (0x800B010E
  and in event viewer 2148204814), and in HKEY CLASSES ROOT while the APPID hive has permissions that match a separate working system we have the APPIDs under it have all read only permissions except trustedinistaller. Consequently, the permission settings on
  all the DCOM objects are dimmed out. While I can change the existing DCOM and APPID objects (hopefully all at once) that leaves the problem of new objects. What is setting these permissions to read and how do I change that once and for all? I can ony find
  info on changing one APPID at a time.

  "hardened" = "broken"
  Sorry, but most so called hardening processes are completely invalid and end up just breaking everything.
  I highly recommend whoever implemented these "lockdowns" watch this: http://channel9.msdn.com/Events/TechEd/NorthAmerica/2011/SIM304
  Ultimately, your issues have noting to do with ConfigMgr. The WMF is a standard Windows component as are Windows updates and thus you should seek help in a Windows forum or contact CSS (because I don't think you'll actually get anywhere in the forums if
  your systems are so broken that you can't even install updates).
  Jason | http://blog.configmgrftw.com

• SCCM 2012 Design and Management

  I'll preface this by saying I dont have much experience beyond setting up a stand alone primary site for SCCM 2012. 
  Here's the situation:
  1. Central Office in LA, CA with smaller offices in Texas and in SF (totaling about 4k clients)
  a. Fast 10G link to TX
  b. Slow link to SF
  2. Korea office with 500 clients (slow link)
  3. Europe office with 1500 clients (slow link)
  4. Local IT staff managing systems and software deployment in each location. 
  5. Central office would like oversight and management of other regions. 
  If anyone could provide suggestions on hierarchy design that would be appreciated. 
  Originally I was going to setup a CAS and a Primary Site in the US (DPs for SF and TX), and 2 other Primary Sites for KR and EU regions (Remote DPs and what not for the smaller branches within). IT staff for each region would manage their own primary. But this
  apparently isn't ideal. 
  My question is how a stand-alone primary design would work in this instance? And if the primary resides in the US, would administrative users have to use the console to access the primary over the slow WAN link?
  I think my confusion in design comes from whether the regional admins need direct access to the Primary site or not. 
  Thanks, and please excuse my ignorance. 

  I'm not sure what the internet cloud is there for.  Your LA Primary should be in that spot; remember those servers all need to be able to communicate with the primary, usually on the same domain.  If what you meant by that 'internet" cloud
  you really meant "Our Internal Company WAN Links", then ok.  By that I mean... I presume in SF, KR, EU... there are domain controllers servicing those locations?  then it's sorta similar to CM12.
  If you really *do* mean internet is how those locations are linked, no domain trusts, then what you may be looking at is pki certificates, and internet based client management.  And/Or possibly considering leveraging Intune for those clients.
  Regarding console usage; either publish the console via Citrix, or publish the console as a TS App.  i.e., publish the console from citrix via a citrix server in the same datacenter as the LA Primary--and everyone uses that console (if they need to
  use the console). 
  fyi/off topic... my opinion.  "helpdesk" type personnel have no need to be in the console, nor does anyone who simply needs to run reports.
  Standardize. Simplify. Automate.
  Correct, internal WAN links, all computers are domain joined. We will eventually move to internet management too but that seems to be something we'll tackle later down the road. 
  I will need to check with the other admins to see what kind of VDI we have in place. 
  Console access is for other admins to create/modify collections for their region, deploy software, etc. The console itself wont be made available to helpdesk/service desk.
  response to edit:
  - Correct, TX will only have a DP on a "site server" (not a secondary site). 
  - link to SF would be 1GB, and change to 10GB once they move into a perm location. In my diagram they would also just receive a DP
  edit 2: ok my vocab is off, when i put "site server" in the diagram i really mean "site system server"

• SCCM 2012, WMI, and SCCM Clients

  I have SCCM 2012 R2 CU2. I know that WMI has to be working for SCCM to be fully functional. I've done some reading on what I'm about to ask but I'd like to get some clarification on these points as I'm not totally clear on a few things:
  1) If when using wbemtest you discover there is no WMI connectivity between the DCs and siteserver to/from a client, including a non-domain member client, will the SCCM client install on that client machine?
  2) After the SCCM client is installed on a client machine, how essential is WMI connectivity to that SCCM client functioning?
  3) Was parts of SCCM use WMI?
  4) What permissions, including within DCOM, are needed for WMI to work with SCCM?
  Thanks.
  Ben JohnsonWY

  <...>
  I'm now back to getting that 0x80070427 error. That error code is also on another server (and with the same software and main functionality) that's on another domain but for now we'll stick with the server we've been talking about.
  <...>
  So the root question is, what is causing that 0x80070427. There's almost zilch on that error code on the internet.
  cmtrace is your friend :)
  open cmtrace, press CTRL+L and paste in the error/HRESULT:
  Lookup: 0x80070427
  Result:The service process could not connect to the service controller.
  Source: Windows
  Note that ConfigMgr relies heavily on non-ConfigMgr components, i.e. Windows base services/features. If those base services/features are mis-configured / disabled / broken, ConfigMgr *will* be impacted.
  In this case, the "Source: Windows" tells us that a Windows component is throwing the error.
  There should be additional/further detail/information available for this event in the log. Research that.
  The logs on the client will probably need to be examined, including the Windows event logs, to see why the service and service-controller are throwing this error. IF it's happening on two servers, and those servers both have  "the same software
  and main functionality", I'd be immediately suspicious of that software/function - perhaps that software is the cause of the service/controller issue..
  Don
  (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
  This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

• SCCM 2012 SP1 and Exchange 2013 Connector Get-Recipient cmdlet failed

  I have been trying to get my Exchange Connector working with SCCM 2012 SP1 for a week or so now. Every post tells me that the Get-Recipient cmdlet failed is a security permissions error. I have given the service account running the connector full Exchange
  Server Management rights including Recipient Management and Organization View-Only. I have even tested remote power shell to the CAS server and run the cmdlet with no issues.
  For some reason it just does not want to work for me. Has anyone been running into this issue?

  Now before you read the following error and say oh this is a permission issue I am telling you it is not. I have given the account full Exchange admin rights and I have even tested the Get-Recipient cmdlet remotely to the Exchange server and it works with
  no issues. I have also noticed multiple forum posts with the exact same issues.
  I have noticed one thing that stands outs "Cannot bind parameter 'Filter' to the target. Exception setting "Filter": "The value "$true" could not be converted to type System.Boolean"
  I believe this issue may be related to changes in the powershell commands with Exchange 2013, but I do not know where or how to edit the ps1 script.
  I am getting the error below:
  ERROR: [MANAGED] Invoking cmdlet Get-Recipient failed. Exception: System.Management.Automation.RemoteException: Cannot bind parameter 'Filter' to the target. Exception setting "Filter": "The value "$true" could not be converted to
  type System.Boolean."~~   at System.Management.Automation.PowerShell.CoreInvoke[TOutput](IEnumerable input, PSDataCollection`1 output, PSInvocationSettings settings)~~   at System.Management.Automation.PowerShell.Invoke(IEnumerable input, PSInvocationSettings
  settings)~~   at System.Management.Automation.PowerShell.Invoke()~~   at Microsoft.ConfigurationManager.ExchangeConnector.Connector.Invoke(PSCommand cmd)
  SMS_EXCHANGE_CONNECTOR 9/19/2013 12:00:01 AM
  4200 (0x1068)
  STATMSG: ID=8817 SEV=W LEV=M SOURCE="SMS Server" COMP="SMS_EXCHANGE_CONNECTOR" SYS=MySite SITE=MySiteID PID=xxx TID=xxx GMTDATE=Thu Sep 19 07:00:01.653 2013 ISTR0="Get-Recipient" ISTR1="ParameterBindingFailed,Microsoft.Exchange.Management.RecipientTasks.GetRecipient"
  ISTR2="Cannot bind parameter 'Filter' to the target. Exception setting "Filter": "The value "$true" could not be converted to type System.Boolean."" ISTR3="" ISTR4="" ISTR5="" ISTR6=""
  ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0
  SMS_EXCHANGE_CONNECTOR 9/19/2013 12:00:01 AM
  4200 (0x1068)
  ERROR: [MANAGED] Exception: Cannot bind parameter 'Filter' to the target. Exception setting "Filter": "The value "$true" could not be converted to type System.Boolean."
  SMS_EXCHANGE_CONNECTOR 9/19/2013 12:00:01 AM
  4200 (0x1068)

• Cannot publish Flash Updates Verification of file signature failed for file SCUP 2011, SCCM 2012 R2 and WSUS all on same Windows Server 2012 machine

  I am attempting to distribute Adobe Flash updates using SCUP 2011, SCCM 2012 R2, WSUS ver4 and Windows Server 2012.  Everything installs without error.  I have acquired a certificate for SCUP signing from the internal Enterprise CA.  I have
  verified the signing certificate has a 1024 bit key.  I have imported the certificate into the server's Trusted Publishers and Trusted Root CA stores for the computer.  When I attempt to publish a Flash update with Full content I receive the following
  error:
  2015-02-13 23:00:48.724 UTC Error Scup2011.21 Publisher.PublishPackage PublishPackage(): Operation Failed with Error: Verification of file signature failed for file:
  \\SCCM\UpdateServicesPackages\a2aa8ca4-3b96-4ad2-a508-67a6acbd78a4\3f82680a-9028-4048-ba53-85a4b4acfa12_1.cab
  I have redone the certificates three times with no luck.  I can import metadata, but any attempt to download content results in the verification error.
  TIA

  Hi Joyce,
  This is embarrassing, I used that very post as my guide when deploying my certificate templates, but failed to change the bit length to 2048.  Thank you for being my second set of eyes.
  I changed my certificate key bit length to 2048, deleted the old cert from all certificate stores, acquired the a new signing cert, verified the key length was 2048, exported the new cert to pfx and cer files, imported into my Trusted publishers
  and Trusted Root Authorities stores, reconfigured SCUP to use the new pfx file, rebooted the server and attempted to re-publish the updates with the following results:
  2015-02-16 13:35:44.006 UTC Error Scup2011.4 Publisher.PublishPackage PublishPackage(): Operation Failed with Error: Verification of file signature failed for file:
  \\SCCM\UpdateServicesPackages\a2aa8ca4-3b96-4ad2-a508-67a6acbd78a4\3f82680a-9028-4048-ba53-85a4b4acfa12_1.cab.
  Is there a chance this content was already created and signed with the old cert, so installing the new cert has no effect?  In ConfigMgr software updates I see 4 Flash updates, all marked Metadata Only (because they were originally published as "Automatic." 
  No Flash updates in the ConfigMgr console are marked as downloaded.  I can't find any documentation on how the process of using SCUP for downloading content for an update marked Metadata Only actually works. 
  Comments and suggestions welcome.

• How can I remove the SCCM 2012 client and reinstall SCCM 2007 client on all of our computers

  Hello All
  We have  bit of a problem. Our virtual SCCM 2012 r2 server was deleted and the back solution we had in place keeps failing.
  We do have our sccm 2007 server still in place but its only role was imaging as we transferred roles from one to another.
  My question is now our support needs to remote into pcs but cant because the CM12 server is gone. How can I remove the 2012 client from all of our companies computers and reinstall the CM07 client so we can remote into computers again.
  Thanks in advance!
  Phil
  Phil Balderos

  Run a ccmsetup /uninstall on the clients. You may need to run via PSExec. Then push out the SCCM 2007 client via the 2k7 console.
  Cheers
  Paul | sccmentor.wordpress.com
  Thanks Paul!
  I have to do this on over 350 computers and 110 servers. How can I do it on a more massive scale?
  Phil Balderos
  I would check Torsten's approach first and see if the ccmsetup will uninstall the 2012 version. I'm not sure. Obviously the other way round is fine.
  Using PSexec you can script this to call up a txt file of all your servers/computers and run the uninstall.
  e.g. 
  for /f "tokens=*" %a in (computers.txt) do psexec \\%a %WINDIR%\ccmsetup\ccmsetup.exe /uninstall 
  If your account has privileges on all devices you won't need to add in any username/password credentials. Obviously only devices that are switched on and you have access to will run this.
  Cheers
  Paul | sccmentor.wordpress.com

• Windows 8.1 Update (with WinPE 5.1) ADK + SCCM 2012 R2 and WinXP

  Hello,
  I see new ADK version (8.1 Update) is released
  http://www.microsoft.com/en-US/download/confirmation.aspx?id=39982
  It contains WinPE 5.1 and new USMT (which version?), does it support migration from WinXP to Win7?
  Previously I used USMT5 (instead of 6.3) and modified WinPE 5.0 with bootsect.exe from WinPE 4.0 (from ADK 8.0) on SCCM 2012 R2 CU3.
  And can I use ADK 8.1 Update with SCCM 2012 R2?

  He does answer your question about the USMT version.
  The rest still applies in terms of XP support. See below.
  http://blogs.technet.com/b/mniehaus/archive/2014/01/09/migrating-from-windows-xp-to-windows-8-1-using-mdt-2013.aspx
  Yes, ConfigMgr 2012 R2 is supported.
  http://blogs.technet.com/b/configmgrteam/archive/2014/04/03/understanding-the-adk-for-windows-8-1-update-and-configmgr-osd.aspx
  Daniel Ratliff | http://www.PotentEngineer.com
  in the article I found:
  Windows PE version 5.1 is not needed for Configuration Manager and can actually be problematic if you try to use it. Windows PE 5.0 can continue to be used to deploy Windows 8.1 Update. There is a documented process to upgrade Windows PE to version 5.1,
  but this should be considered incompatible with Configuration Manager at this time.
  So for a new installation of SCCM 2012 R2 I can install ADK 8.1 update because in contains WinPE 5.0 and option to update to 5.1. And unclear about XP, it seems XP is not supported again.
  Also fourth release was in September 2014, but article was posted in April 2014.

• SCCM 2012 R2 and Windows 8.1

  Hi,
  I have installed SCCM 2012 R2. SCCM client deployed on 10 PCs and I can explore Hardware resources on all PCs except 1 PC which is 8.1
  so my question now does SCCM 2012 R2 supports 8.1?
  Thanks,
  Kareem Behery

  Hi,
  Yes, ConfigMgr 2012 R2 supports Windows 8.1. Check the Windows 8.1 computer to make sure that the SCCM client is operational and sends in Inventory to the Site server. Inventpryagent.log file on the computer is a good place to start.
  Regards,
  Jörgen
  -- My System Center blog ccmexec.com -- Twitter
  @ccmexec

• Deploy UDI Windows 10 with SCCM 2012 R2 and MDT 2013 Update 1

  Hi,
  Trying use "User-Driven Installation"  with
  SCCM 2012
  R2 CU4 and MDT
  2013 Update 1 for deploy Windows
  10.
  Created MDT Task Sequences with
  template "Client Task sequence"
  and Deployment Method "User-Driven Installation".
  When I try to deploy I have error like:
  Failed to run the last action: Error in the task sequence. Execution of task sequence failed.
  The operation cannot be completed because other resources are dependent on this resource. (Error: 00001389; Source: Windows)
  ZTI deployment failed, Return Code = 5001 InstallSoftware 22.04.2015 11:36:57 1740 (0x06CC)
  Unable to create WebService class InstallSoftware 22.04.2015 11:36:57 1740 (0x06CC)
  Command line returned 5001 InstallSoftware 22.04.2015 11:36:57 1740 (0x06CC)
  Process completed with exit code 5001 TSManager 22.04.2015 11:36:57 1160 (0x0488)
  Part smsts.log
  !--------------------------------------------------------------------------------------------! TSManager 22.04.2015 11:36:57 1160 (0x0488)
  Expand a string: WinPEandFullOS TSManager 22.04.2015 11:36:57 1160 (0x0488)
  Executing command line: smsswd.exe /run: cscript "%deployroot%\scripts\ztierrormsg.wsf" TSManager 22.04.2015 11:36:57 1160 (0x0488)
  [ smsswd.exe ] InstallSoftware 22.04.2015 11:36:57 1740 (0x06CC)
  PackageID = '' InstallSoftware 22.04.2015 11:36:57 1740 (0x06CC)
  BaseVar = '', ContinueOnError='' InstallSoftware 22.04.2015 11:36:57 1740 (0x06CC)
  ProgramName = 'cscript "C:\_SMSTaskSequence\WDPackage\scripts\ztierrormsg.wsf"' InstallSoftware 22.04.2015 11:36:57 1740 (0x06CC)
  SwdAction = '0001' InstallSoftware 22.04.2015 11:36:57 1740 (0x06CC)
  Set command line: Run command line InstallSoftware 22.04.2015 11:36:57 1740 (0x06CC)
  Working dir 'not set' InstallSoftware 22.04.2015 11:36:57 1740 (0x06CC)
  Executing command line: Run command line InstallSoftware 22.04.2015 11:36:57 1740 (0x06CC)
  Process completed with exit code 5001 InstallSoftware 22.04.2015 11:36:57 1740 (0x06CC)
  Microsoft (R) Windows Script Host Version 5.12 InstallSoftware 22.04.2015 11:36:57 1740 (0x06CC)
  Copyright (C) Microsoft Corporation. All rights reserved. InstallSoftware 22.04.2015 11:36:57 1740 (0x06CC)
  InstallSoftware 22.04.2015 11:36:57 1740 (0x06CC)
  Microsoft Deployment Toolkit version: 6.3.8216.1000 InstallSoftware 22.04.2015 11:36:57 1740 (0x06CC)
  The task sequencer log is located at X:\WINDOWS\TEMP\SMSTSLog\SMSTS.LOG. For task sequence failures, please consult this log. InstallSoftware 22.04.2015 11:36:57 1740 (0x06CC)
  ZTI deployment failed, Return Code = 5001 InstallSoftware 22.04.2015 11:36:57 1740 (0x06CC)
  Unable to create WebService class InstallSoftware 22.04.2015 11:36:57 1740 (0x06CC)
  Command line returned 5001 InstallSoftware 22.04.2015 11:36:57 1740 (0x06CC)
  Process completed with exit code 5001 TSManager 22.04.2015 11:36:57 1160 (0x0488)
  !--------------------------------------------------------------------------------------------! TSManager 22.04.2015 11:36:57 1160 (0x0488)
  Failed to run the action: Error in the task sequence.
  The operation cannot be completed because other resources are dependent on this resource. (Error: 00001389; Source: Windows) TSManager 22.04.2015 11:36:57 1160 (0x0488)
  MP server http://sccm.domain.com. Ports 80,443. CRL=false. TSManager 22.04.2015 11:36:57 1160 (0x0488)
  Setting authenticator TSManager 22.04.2015 11:36:57 1160 (0x0488)
  Set authenticator in transport TSManager 22.04.2015 11:36:57 1160 (0x0488)
  Sending StatusMessage TSManager 22.04.2015 11:36:57 1160 (0x0488)
  Setting message signatures. TSManager 22.04.2015 11:36:57 1160 (0x0488)
  Setting the authenticator. TSManager 22.04.2015 11:36:57 1160 (0x0488)
  CLibSMSMessageWinHttpTransport::Send: URL: sccm.domain.com:80 CCM_POST /ccm_system/request TSManager 22.04.2015 11:36:57 1160 (0x0488)
  Request was successful. TSManager 22.04.2015 11:36:57 1160 (0x0488)
  Set a global environment variable _SMSTSLastActionRetCode=5001 TSManager 22.04.2015 11:36:57 1160 (0x0488)
  Set a global environment variable _SMSTSLastActionSucceeded=false TSManager 22.04.2015 11:36:57 1160 (0x0488)
  Clear local default environment TSManager 22.04.2015 11:36:57 1160 (0x0488)
  Let the parent group (Gather Logs and StateStore on Failure) decides whether to continue execution TSManager 22.04.2015 11:36:57 1160 (0x0488)
  The execution of the group (Gather Logs and StateStore on Failure) has failed and the execution has been aborted. An action failed.
  Operation aborted (Error: 80004004; Source: Windows) TSManager 22.04.2015 11:36:57 1160 (0x0488)
  Failed to run the last action: Error in the task sequence. Execution of task sequence failed.
  The operation cannot be completed because other resources are dependent on this resource. (Error: 00001389; Source: Windows) TSManager 22.04.2015 11:36:57 1160 (0x0488)
  MP server http://sccm.domain.com. Ports 80,443. CRL=false. TSManager 22.04.2015 11:36:57 1160 (0x0488)
  Setting authenticator TSManager 22.04.2015 11:36:57 1160 (0x0488)
  Set authenticator in transport TSManager 22.04.2015 11:36:57 1160 (0x0488)
  Sending StatusMessage TSManager 22.04.2015 11:36:57 1160 (0x0488)
  Setting message signatures. TSManager 22.04.2015 11:36:57 1160 (0x0488)
  Setting the authenticator. TSManager 22.04.2015 11:36:57 1160 (0x0488)
  CLibSMSMessageWinHttpTransport::Send: URL: sccm.domain.com:80 CCM_POST /ccm_system/request TSManager 22.04.2015 11:36:57 1160 (0x0488)
  Request was successful. TSManager 22.04.2015 11:36:57 1160 (0x0488)
  Executing command line: X:\WINDOWS\system32\cmd.exe /k TSBootShell 22.04.2015 11:37:31 696 (0x02B8)
  The command completed successfully. TSBootShell 22.04.2015 11:37:31 696 (0x02B8)
  Successfully launched command shell. TSBootShell 22.04.2015 11:37:31 696 (0x02B8)

  MDT Updates for Windows 10 Technical Preview Build 10041
  Если Вам помог чей-либо ответ, пожалуйста, не забывайте жать на кнопку "Предложить как ответ" или "Пометить как ответ".
  http://zalozny.com.ua

• Installation of SCCM 2012 R2 and SQL Server 2014 error

  Hello All,
  I am attempting to setup SQL Server 2014 and SCCM 2012 R2 but I keep running into an error stating that "Configuration Manager requires Microsoft SQL Server
  2008 SP2 w/ CU9........ all the way up to Microsoft SQL Server 2012 with CU2 or higher." I am using all evaluation versions for this configuration as we are looking to test and evaluate the products. I was trying it with SQL 2014 because I was running
  into the same error with SQL 2012 and according to "http://blogs.technet.com/b/configmgrteam/archive/2015/03/30/updated-sc2012-configmgr-sp1-and-sc2012r2-configmgr-support-sql-server-2014.aspx" SQL
  2014 is supported with SCCM 2012 R2. SQL is installed locally on the same box. 
  Any suggestions would be appreciated.
  Thanks,
  Tucker
  Update: When running the Pre-Req check these are some of the failed returns.....
  SQL Server Edition: Failed: Configuration Manager primary site and central administration site don't support SQL Server Express Edition
  Not sure why it is recognizing SQL Express as this is a new machine.
  SQL Server service running account: Failed: The logon account for the SQL Server service cannot be a local user account, NT SERVICE\<sql service name> or LOCAL SERVICE.  You must configure
  the SQL Server service to use a valid domain account, NETWORK SERVICE, or LOCAL SYSTEM.
  For the SQL Service I am using a domain account created specifically for this.

  This has nothing to do with moving or restoring. The kb article says "This hotfix provides updated versions of the setup files and enables new installations
  of the System Center 2012 R2 Configuration Manager site database role and the System Center 2012 Configuration Manager SP1 site database role in Microsoft SQL Server 2014"
  Torsten Meringer | http://www.mssccmfaq.de

• Using a custom certificate store for SCCM 2012 clients and primary site server

  I have read what seems to be all the pki related documentation out there for SCCM 2012. I have a PKI infrastructure up and running issueing certificates with an offline root through group policy autoenrollment. The problem that i'm faced with is we are migrating
  from SCCM 2007 that was in native mode and we chose not to use the CA that we used for the old SCCM environment. When the clients attempt to communicate with the M.P. it runs through all of the different certificates and adds a tremendous amount of overhead
  to the M.P. We will have ten's of thousands of clients by migration end. Could someone please point me to a document that goes over how to leverage a custom certificate store that I could then tell the new 2012 environment to use? I know that it's in there,
  I've seen it in the console. The setup is one primary site server with SQL on box and the pki I just mentioned as well as the old 2007 environment that is still live.
  I read that you can try and use SAN as a method of identifying the new certs but I haven't found a good document covering exactly how that works. Any info you could provide I would be very grateful for. Thanks.

  Jason, thank you for your reply. I'm getting the impression that you have never been in the situation where you had to deal with 2 different PKI environments. Let me state that I understand what your saying about trust. We have to configure the trusted root
  CA via GPO. That simply isn't enough, and I have a valid example to backup this claim. When the new clients got the advertisement and began the ccmsetup process I used the /pki switch among others. What the client end up doing was selecting a certificate that
  had the longest validity period which was issued by our old CA. It checked the authentication chain, found it to be valid and selected it for communication. At that point the installation failed, period, no caveats as you say. The reason the install failed
  because the new PKI infrastructure is integrated into the new environment, and the old is not. So when you said " that
  are trusted and they can use *any* cert that is trusted because at the end of the day, there is no
  difference between two valid certs that have the same purpose as long as they are trusted. "
  that is not correct. Both certs are trusted, and use the same certificate template, but only one certificate would allow the install to complete successfully.
  Once I started using the CCMCERTISSUERS
  switch the client install went swimmingly. The only reason I'm still debating this point is because someone might read this thread see your comments and assume "well I've got my new PKI configured as a trusted root CA, I should be all set" and their
  deployment will fail, just as my pilot did.
  About Intune I'm looking forward to doing a POC in the lab i built with my Note 3. I'm hoping it goes well as I really want to have our MDM migrated into ConfigMgr... I think the
  biggest obstacle outside of selling it to management will be the actual device migration from the current MDM solution. From what I understand of the enrollment process manual install and config is the only path forward.
  Thanks Jason for your post and discussion.

• SCCM 2012 SP1 and MDT 2012 Task Sequence Templates, MDT File/Settings Packages

  We're setting up SCCM 2012 integrated with MDT 2012 for our OSD. My main issue is finding actual reference material for the MDT task sequence templates when integrated with SCCM. The MDT documentation has a lot of information on variables and task sequences
  outside of SCCM integration. 
  One thing I'd love to find information on is what's actually going on during an MDT Client Task Sequence template. I found this http://social.technet.microsoft.com/Forums/en-US/645a77b2-5be6-431d-818c-57d24b1435cc/understanding-mdt-task-sequence?forum=configmgrosd but
  it doesn't delve into the kind of detail I'm looking for. I can dig up information through the MDT reference material on some things, but I just can't find anything out there that actually walks you through an SCCM/MDT task sequence template. For instance,
  under State Restore what is being referenced in Install Software with base variable name PACKAGES, vs Install Applications and base variable name COALESCED APPS. And, where are you supposed to put these applications? That's just a specific example, I'm hoping
  to find some kind of walkthrough.
  Two things I'm hazy on are the MDT packages. What exactly are the MDT Settings Package, and the MDT Files Package? What are they used for? What benefits do you get out of using them? And, how exactly do you use them? I know one of them has something to do
  with customsettings.ini, but what's the point of using SCCM with MDT if you still have to muck around in the customsettings.ini file?
  Either way, it seems like there are a lot of references to SCCM task sequences, and a lot of references to MDT task sequences. But, not together. Which is a bit annoying since the MDT-integrated task sequence templates are very obviously different than either
  SCCM or MDT by itself. Any help would be appreciated, even just information on where to look. Maybe I'm just really bad at finding reference material for SCCM/MDT. Thanks. 

  When MDT integrated with SCCM, We need the following MDT components to be created:
  MDT Boot image
  MDT Toolkit Files
  MDT Settings
  The MDT boot image (for example) gives you extra abilities over the standard ConfigMgr boot image such as the ability to display a HTA Refer here:
  http://www.windows-noob.com/forums/index.php?/forum/98-frontends-and-web-services/
  MDT Files once created, you will find UDIWizard_Config.Xml file in which you can start User driven Installation OSD using UDI designer.
  Refer these links for better understanding:
  http://www.windows-noob.com/forums/index.php?/topic/5131-using-sccm-2012-rc-in-a-lab-part-16-integrating-mdt-2012-rc1-with-configuration-manager-2012/
  http://www.windows-noob.com/forums/index.php?/topic/5221-using-sccm-2012-rc-in-a-lab-part-17-using-mdt-2012-rc1-within-configuration-manager-2012/
  http://www.windows-noob.com/forums/index.php?/topic/5250-using-sccm-2012-rc-in-a-lab-part-18-deploying-a-udi-client-task-sequence-with-mdt-2012-rc1-integrated-in-configuration-manager-2012/
  Thanks, Prabha G
  Thanks for the quick reply. But, what about the MDT Settings Package? Also, both have a pretty big folder structure for each package. Surely it does more than just provide a couple xml and ini files? I'm not looking for anyone to spoon-feed me the information,
  but at least a pointer in the right direction for finding the reference material. It seems for SCCM/MDT integration you have to go all over the place finding scraps of information to put together. 
  Also, any info on the SCCM/MDT task sequence templates? Thanks.