Using SCCM 2012 Compliance to check if a GPO applied

Is it possible to use the SCCM 2012 Compliance feature to check whether an AD GPO's settings were applied to a Device / User collection or not?
If yes, then how?

You can do this with SCM (Security Compliance Manager). Download it here:
http://www.microsoft.com/en-us/download/details.aspx?id=16776
Import your GPOs into SCM; some guidelines are here:
http://4sysops.com/archives/microsoft-security-compliance-manager-scm-v2-part-1
Export your GPO from SCM to DCM format; guides are here:
http://blogs.msdn.com/b/scom_2012_upgrade_process__lessons_learned_during_my_upgrade_process/archive/2012/09/21/compliance-settings-sccm-2012.aspx
Import your DCM into SCCM and off you go.
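
For registry-backed GPO settings, the same check can also be written by hand as the discovery script of a script-based configuration item. The script below is an added example, not part of the answer above and not output of the SCM export; the two baseline entries are constructed sample values standing in for whatever the GPO under test is expected to write.

```powershell
# Added example: discovery script for a script-based configuration item.
# The baseline is a constructed sample; replace it with the registry values
# that the GPO under test is expected to write on the client.
$baseline = @(
    @{ Path  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
       Name  = 'NoAutoUpdate'
       Value = 0 },
    @{ Path  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
       Name  = 'EnableLUA'
       Value = 1 }
)

function Test-PolicyValue {
    # Returns $null when the setting matches, otherwise a short reason string.
    param($Setting)

    # A missing key usually means the GPO never reached this machine.
    if (-not (Test-Path -Path $Setting.Path)) {
        return "$($Setting.Name): policy key missing"
    }

    # Key present but value absent: the GPO applied without this setting,
    # or the value was removed locally afterwards.
    $item = Get-ItemProperty -Path $Setting.Path -Name $Setting.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return "$($Setting.Name): value missing"
    }

    # Value present but different: drift from the GPO's intended state.
    $actual = $item.($Setting.Name)
    if ($actual -ne $Setting.Value) {
        return "$($Setting.Name): expected $($Setting.Value), found $actual"
    }
    return $null
}

# Collect every deviation so the report shows all failing settings at once.
$failures = @($baseline | ForEach-Object { Test-PolicyValue $_ } | Where-Object { $_ })

# The configuration item's compliance rule compares this single string.
if ($failures.Count -eq 0) {
    'Compliant'
} else {
    'NonCompliant: ' + ($failures -join '; ')
}
```

In the configuration item, set the compliance rule to require that the value returned by the script equals `Compliant`; the text after `NonCompliant:` then names the settings that did not apply.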

Similar Messages

  • For find activated lync client using SCCM 2012

    Hi All,
    In my current company we have deployed the Lync client, but we are not sure how many clients are activated.
    Is there any way to find which systems got activated using SCCM 2012?
    Please suggest and let me know any reference.
    Thanks 

    I really don't know, but I would guess that a file or registry key would change once it's activated. Basically, I would simply compare an activated system with a not activated system and look for the difference. Once you've located that you can create a compliance setting to see how many systems are activated, or not.
    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

  • Windows 7 Deployment using SCCM 2012

    I am installing Windows 7 Enterprise 64bit on HP Desktops and Laptops using SCCM 2012 task sequence. I captured an image from the reference computer using capture media. The image works fine on HP Desktops but when I install the same image on HP laptops, I get an error message right at the end "Windows Setup could not configure Windows to run on this computer's hardware". I captured another image with plain Windows 7 Enterprise without SP1, updates and drivers. It works perfectly fine on both desktops and laptops. Below are the setupact and setuperr error logs. Much appreciated.
    SETUPACT.LOG
    capisp.dll::CryptoSysPrep_Specialize: assigned CAPI machine guid "d01b5e9b-0af5-4b3c-a712-70977e79a177"
    2014-08-26 21:19:04, Info                         capisp.dll::SamConnect failed: c00000dc
    2014-08-26 21:19:04, Info                         capisp.dll::CryptoSysPrep_Specialize: DisableAdministratorIfApplicable failed
    2014-08-26 21:19:04, Info                         capisp.dll::CryptoSysPrep_Specialize: returning 65b
    2014-08-26 21:19:04, Error      [0x0f0082] SYSPRP LaunchDll:Failure occurred while executing 'C:\Windows\system32\capisp.dll,CryptoSysPrep_Specialize', returned error code 1627[gle=0x000003e5]
    2014-08-26 21:19:04, Info                  IBS    Callback_Specialize: Internal Providers Specialized Failed. System can't proceed to handle Internal Providers
    2014-08-26 21:19:04, Info                  IBS    Callback_Specialize: Specialize return: [1627]
    2014-08-26 21:19:04, Error      [0x060435] IBS    Callback_Specialize: An error occurred while either deciding if we need to specialize or while specializing; dwRet = 0x65b
    2014-08-26 21:19:04, Info       [0x0640ae] IBSLIB PublishMessage: Publishing message [Windows Setup could not configure Windows to run on this computer's hardware.]
    SETUPERR.LOG
    2014-08-26 21:16:24, Error                 SYSPRP SPPNP: Error 0x25 (CONFIGRET) occurred while determining the buffer size needed to hold the list of devices that are using service usbhub20.
    2014-08-26 21:16:24, Error                 SYSPRP SPPNP: Error 0x424 occurred while opening a handle to the service usbhub20.[gle=0x00000424]
    2014-08-26 21:19:04, Error      [0x0f0082] SYSPRP LaunchDll:Failure occurred while executing 'C:\Windows\system32\capisp.dll,CryptoSysPrep_Specialize', returned error code 1627[gle=0x000003e5]
    2014-08-26 21:19:04, Error      [0x060435] IBS    Callback_Specialize: An error occurred while either deciding if we need to specialize or while specializing; dwRet = 0x65b

    Hi,
    From your error log, we could see the root is the incorrect driver.
    How did you get the driver in your first image? If you enable "PersistAllDeviceInstalls" configuration when you capture the image, all Plug and Play devices in reference computer are uninstalled during the generalize pass and then reinstalled
    during the specialize pass.
    However, it's not always applied to your laptop.
    Thus I suggest you download the proper driver or change the BIOS hard disk drive setting to IDE to check the result.
    Warning: This procedure may involve changing your hard disk drive settings in the BIOS. Incorrect changes to the BIOS of your computer can result in serious problems. Microsoft cannot guarantee that problems that result from changes to the
    BIOS can be resolved. Change the BIOS settings at your own risk. Incorrect or corrupted BIOS settings can cause startup problems or shutdown problems.
    In addition, you could refer to the article below:
    “Windows Setup could not configure Windows on this computer’s hardware” installation error on a Windows 7-based or a Windows Server 2008 R2-based computer
    http://support.microsoft.com/kb/2466753/en-us
    Karen Hu
    TechNet Community Support

  • Adobe Creative Cloud Enterprise Deployment Issues using SCCM 2012 R2

    Hi,
    I have been trying to deploy Adobe Creative Cloud Enterprise to Windows 8.1 machines that are identical, using SCCM 2012 R2.
    The Adobe package seems fine, because it seems to deploy successfully to some machines. And SCCM 2012 R2 has been configured correctly, as I can deploy other software using it, and again, it deploys Adobe CC successfully to some of the machines.
    I have tried comparing the package that is downloaded on the test machine/client machine, with the original package on the distribution point, using Beyond Compare, and there are no differences.
    I have contacted Adobe Enterprise Support, and they asked me to send them log files from Event Viewer, the msi installer, and other Adobe logs, from the machine that failed the deployment. However, after Adobe studied them, they told me that they could not identify any problems... Strange, because I could have sworn that I saw error 1603 pop up over 20 times on different machines indicating that the 'Set-up.dat' file had a problem with it.
    After all the testing on over 20 identical machines (same hardware/same software), using different configurations on SCCM 2012 R2 and the client machines, I still can't seem to have a reliable solution to deploying Adobe CC.
    The fact that it deploys successfully on one machine and fails on another, or sometimes deploy to two machines and fail on another (simultaneously), is something that I don't understand.
    Another thing is that, if I retry the deployment 10-15 times after it failed the first time, it might go through...
    Adobe Enterprise Support asked me if they could remote into a machine that failed the deployment to have a look at it and I agreed to that option, but it seems like my issue has been ignored because they never got back to me.
    Has anyone had this kind of problem or anything similar before?
    I need to be able to deploy this remotely to 100+ machines. So installing manually is not an option.
    Any help is appreciated.
    This was posted in the wrong section a few days ago. I'm hoping I can get some help here.
    Case Number: 1862659812
    UPDATE: I spoke to Adobe Customer Support and after 1.5 hours on the phone with a remote session going on, problem was still not solved or identified. Additional log files have been sent and now I'm waiting for a call back.

    Hi Robert,
    We seem to be having a very similar issue. Our installs would randomly fail with error code 1603 and an error message about a fault in Set-up.dat. Failure rate was near 95% on our 900 machines. Adobe Support and Karl have been looking into our issues but so far no solution has been found.
    Having done a lot of investigating we've managed to deploy our package using a scheduled task running as a domain admin. This is a nasty solution and we don't intend on using this permanently, but we needed to get the package out.
    Are you seeing any of the following:
    Entries in PDApp.log:
    [FATAL] |  | ASU | DeploymentManager | DeploymentManager |  |  | 2900 | The Bootstrapper Process is (5).Stopping the installation process.
    [FATAL] |  | ASU | DeploymentManager | DeploymentManager |  |  | 2900 | The return code from the Adobe Installer Process is (33).Stopping the uninstallation process.
    [WARN] |  | ASU | DeploymentManager | DeploymentManager |  |  | 2900 | Failed to find the pdb database.
    [WARN] |  | ASU | DeploymentManager | DeploymentManager |  |  | 2900 | Failed to get the local payload database handle.
    Event Log:
    Faulting application name: Set-up.dat, version: 2.9.1.474, time stamp: 0x54e11f94
    Faulting module name: Set-up.dat, version: 2.9.1.474, time stamp: 0x54e11f94
    Exception code: 0xc0000005
    Fault offset: 0x000d7c52
    Faulting process id: 0xb40
    Faulting application start time: 0x01d072a073861622
    Faulting application path: \\server.name.path\Adobe CC\FullPackage\Build\ASU\Set-up.dat
    Faulting module path: \\server.name.path\Adobe CC\FullPackage\Build\ASU\Set-up.dat
    Report Id: c86d9216-de93-11e4-8284-782bcb99e284
    Faulting package full name:
    Faulting package-relative application ID:
    Installer Log
    Indicates it can't find the Media_db. We noticed that the folder C:\Program Files (x86)\Common Files\Adobe\caps doesn't get created on the machines where the install fails, so the error message is correct in that there isn't a Media_db.db. Sysinternals Process Monitor seems to show that the setup tried to create the folder/files but they don't actually get created. Copying a Media_db into the folder from another machine seems to allow the installation to almost finish, but unsurprisingly you end up with problems later on.

  • Error while deploying Windows 2008 R2 using SCCM 2012 R2

    I am trying to deploy a Windows 2008 R2 image (captured from a reference machine) using SCCM 2012 R2. I have integrated MDT 2013 with SCCM 2012 R2 and created an MDT task sequence. During deployment, towards the end of Applying image.wim, it gives me an error that the task sequence failed with the error code 0x80070002. And then the system reboots. After reboot, I am able to log in to the Windows Server. It seems to work fine, but there are no applications etc. installed. Also the _SMSTS log folder is still present in the C drive. And in the smsts.log file, I can see errors like failed to copy unattend.xml file. Please help me.

    Hi,
    Error code 0x80070002 means the system cannot find the file specified.
    For more information, please review the link below:
    Task Sequence Failed with the Error Code 0x80070002
    http://prajwaldesai.com/task-sequence-failed-error-code-0x80070002/
    Note: Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

  • How to configure SNMP on all managed client using SCCM 2012 SP1

    Hi,
    Do you know how to configure SNMP on all managed clients using SCCM 2012 SP1?

    As a side note, I made an interesting discovery last week: the SNMP Service is deprecated in Windows Server 2012. Why would you want to use SNMP on an actual Windows OS though? There are far better ways available to monitor Windows. I'm sure that lines
    up with why they deprecated it.
    Jason | http://blog.configmgrftw.com

  • What best way to turn on all computers remotely using sccm 2012 sp 1

    What is the best way to turn on all computers remotely using SCCM 2012,
    and what is the difference between Wake on LAN and the out of band service point role?

    Hey!!! I am a 1E engineer and MVP... we started the power management movement with our very first software product, created around 12 or so years ago, called 1E WakeUp. The complete solution which manages power on (integrated with SCCM, or stand alone if you are not an SCCM shop) and power off (under a tightly controlled process) is called NightWatchman.
    Here is a recent blog post I authored that was the last in a series documenting the entire wake-up process including how it integrates with SCCM or stood up standalone. It contains links to those earlier posts that explain our entire technology, so you will likely want to read all of them in order for a full understanding of our technology. It works incredibly well, is the most mature solution in the industry, and is extremely simple to install with minimal resources.
    If you have any questions, feel free to reach out to me privately.
    Ed Aldrich | 1E | Pre-Sales Solutions Engineer | ConfigManager MVP 2003-2012

  • Import certificate in to Firefox certificate store using SCCM 2012 R2

    Hello,
    I'm trying to figure out how to import a certificate in to the Firefox certificate store using SCCM 2012 R2 to push out to 8,000 computers. The only answer I have found was to import the certificate manually on my computer and copy the "cert8.db" file out of my "appdata\Roaming\Mozilla\Firefox\Profiles\******.default\" folder and use this file to copy to all profiles on each computer. I have not tried this since I believe this is not a standard practice. Is there a Firefox certificate scripting tool that I can use to accomplish this or a recommended way?
    Thanks,
    Matt

    Hi,
    It is listed here: http://technet.microsoft.com/en-us/library/gg712298.aspx
    There are a number of limitations to supporting workgroup computers:
    Workgroup clients cannot locate management points from Active Directory Domain Services, and instead must use DNS, WINS, or another management point.
    Global roaming is not supported, because clients cannot query Active Directory Domain Services for site information.
    Active Directory discovery methods cannot discover computers in workgroups.
    You cannot deploy software to users of workgroup computers.
    You cannot use the client push installation method to install the client on workgroup computers.
    Workgroup clients cannot use Kerberos for authentication and so might require manual approval.
    A workgroup client cannot be configured as a distribution point. System Center 2012 Configuration Manager requires that distribution point computers be members of a domain.
    Regards,
    Jörgen
    -- My System Center blog ccmexec.com -- Twitter @ccmexec

  • How to update Office 365 using SCCM 2012 R2?

    Hi,
    I am using SCCM 2012 R2 and Office 365 ProPlus.
    In the products list (Software Update Point Components Properties) there is no Office 365.
    Office 365 automatically updates from the Internet.
    I need to know the following:
    How to disable automatic Internet updates for Office 365.
    How to deploy updates for Office 365 from SCCM.
    Thanks in advance!

    Funny thing, you can't deploy those updates via WSUS and/or ConfigMgr. For more information, see:
    http://blogs.technet.com/b/office_resource_kit/archive/2014/01/21/managing-updates-for-office-365-proplus-part-1.aspx
    Also, make sure to read part 2 as it provides some guidance on controlled testing of those updates.
    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

  • Silently uninstall using sccm 2012 Manually installed software in my domain

    Dear All
    I am new to SCCM 2012.
    We are experiencing a headache issue in my domain. My domain users are roaming laptop users.
    We need to silently uninstall, using SCCM 2012 Configuration Manager, software that was not installed using SCCM 2012 (manually installed by users).
    Please share your valuable articles and suggestions regarding this issue.
    Thanks
    Parthiban.S

    The most important thing is that you have to inventory the applications that are installed and based on that you have to decide which applications you want to remove. For those applications you can create uninstalls in ConfigMgr.
    For some information:
    http://blogs.technet.com/b/christianwb/archive/2014/03/17/using-configmgr-application-model-to-uninstall-old-software.aspx
    And: http://technet.microsoft.com/en-us/library/gg682013.aspx
    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

  • Use sccm 2012 R2 Toolkit on cu1

    Hi :)
    Is it OK to use the SCCM 2012 R2 toolkit on an updated CU1 install or should I wait for an updated toolkit version?
    Best regards
    Nenad

    To tag onto Phil's answer, CUs don't change the (major) version of the product in any way -- they are simply a collection of hotfixes that do not change core functionality and thus do not affect tools designed to run with that (major) version. There are
    always possibilities for bugs of course, but unless someone specifically identifies a bug, there's no plan to update the tools for CU1 because there's nothing to update. In fact, they've never had to update the tools for any previous CUs because of any problems.
    Jason | http://blog.configmgrftw.com

  • Deploy Java Updates using SCCM 2012 SP1 and SCUP 2011

    What is the best way to deploy Java updates using sccm 2012 SP1 and SCUP 2011?

    I didn't find Kent's blog useful when talking about Java. I can deploy Adobe products fine, but I have to import Java manually because I don't have the Shavlik certificate. So with that said, I have the following problem:
    I have the full offline installer unpacked, the .msi file and Data1.cab. When I'm importing these binaries to SCUP, I can only point to the .msi. Doing that, installation on the client side fails because of the lack of the Data1.cab file, which is the main file.
    Should I use some other downloaded files of Java? I couldn't find any Java-update-file only type of files to download.

  • How would I rollback or remove a problematic software update using SCCM 2012?

    How would I rollback or remove a problematic software update using SCCM 2012?
    Primarily I'm thinking these patches would be Windows Vista/7/8 OS patches, but would include other Microsoft updates as well (eg. Office, etc.).
    Thanks,
    Bill

    Hi,
    You need to uninstall it using software distribution like a package/program, here is a script that can help you with the uninstallation.
    http://blog.coretech.dk/jgs/vbscript-uninstall-updates-on-winxpwin2003-win7-and-win-2008-r2-automatically/
    Regards,
    Jörgen
    -- My System Center blog ccmexec.com -- Twitter @ccmexec

  • Deploy Internet explorer 11 with latest updates using SCCM 2012

    Hello,
    I'd like deploy IE11 with the latest updates included. The reason is that I want the IE 11 enterprise mode to be available as soon as IE11 gets installed.
    I don't want to wait an update scan cycle to trigger the installation of the updates.
    What is the best way to achieve that using SCCM 2012 ?
    Regards,
    Michel

    Hi,
    You have to capture the installation package with latest update by using IEAK 11 on the computer which has the IE11 with this feature.
    GP to enable this feature:
    Administrative Templates\Windows Components\Internet Explorer\Let users turn on and use Enterprise Mode from the Tools menu
    This is only for Windows 7 computer.
    As I mentioned above, for Windows 8.1, we can only deploy Windows 8.1 Update 1 to add this feature to IE11, since there is no separate update that can be installed for IE11 on Windows 8.1 to implement this.
    Windows 8.1 Update (32-bit version)
    Windows 8.1 Update (64-bit version)
    Kate Li
    TechNet Community Support

  • Not able to push batch script for installing IIS all features using SCCM 2012 task sequence

    Hey Guys, I have been working on this for a long time but am not able to make it work. I am using the following batch script for installing IIS using an SCCM 2012 task sequence:
    Dism.exe /online /Enable-Feature /FeatureName:IIS-WebServerRole /FeatureName:IIS-WebServerRole /FeatureName:IIS-WebServer /FeatureName:IIS-ApplicationDevelopment /FeatureName:IIS-Security /FeatureName:IIS-RequestFiltering /FeatureName:IIS-NetFxExtensibility /FeatureName:WAS-WindowsActivationService /FeatureName:WAS-ProcessModel /FeatureName:WAS-NetFxEnvironment /FeatureName:WAS-ConfigurationAPI /FeatureName:NetFx3 /FeatureName:WCF-HTTP-Activation /FeatureName:WCF-NonHTTP-Activation /FeatureName:IIS-WebServerManagementTools /FeatureName:IIS-ManagementConsole /FeatureName:IIS-ManagementScriptingTools /FeatureName:IIS-IIS6ManagementCompatibility /FeatureName:IIS-ManagementService /FeatureName:IIS-Metabase /FeatureName:IIS-WMICompatibility
    When I run this script as admin by right-clicking on it and selecting "run as administrator" the script works fine, but when I pushed the script as a software package or a step in an OSD task sequence, nothing happens. I also tried the run command line option but no luck. Please help me with this.
    Thanks,
    VST

    1. When I used "run command line" option I found following errors in smsts.log:
    Remediation failed. Code 8027000C TSManager 1/2/2014 2:32:12 PM 2720 (0x0AA0)
    Remediation failed with error code 8027000C TSManager 1/2/2014 2:32:12 PM 2720 (0x0AA0)
    Remediation failed. Code 8027000C TSManager 1/2/2014 2:34:16 PM 2092 (0x082C)
    Remediation failed with error code 8027000C TSManager 1/2/2014 2:34:16 PM 2092 (0x082C)
    Failed to run the action: Run Command Line.
    Unknown error (Error: 800F080C; Source: Unknown) TSManager 1/2/2014 2:34:32 PM 2092 (0x082C)
    Failed to delete directory 'C:\_SMSTaskSequence' TSManager 1/2/2014 2:34:33 PM 2092 (0x082C)
    SetNamedSecurityInfo() failed. TSManager 1/2/2014 2:34:33 PM 2092 (0x082C)
    SetObjectOwner() failed. 0x80070005. TSManager 1/2/2014 2:34:33 PM 2092 (0x082C)
    RemoveFile() failed for C:\_SMSTaskSequence\TSEnv.dat. 0x80070005. TSManager 1/2/2014 2:34:33 PM 2092 (0x082C)
    RemoveDirectoryW failed (0x80070091) for C:\_SMSTaskSequence TSManager 1/2/2014 2:34:33 PM 2092 (0x082C)
    Failed to delete registry value HKLM\Software\Microsoft\SMS\Task Sequence\Package. Error code 0x80070002 TSManager 1/2/2014 2:34:33 PM 2092 (0x082C)
    RegQueryValueExW failed for Software\Microsoft\SMS\Task Sequence, SMSTSEndProgram TSManager 1/2/2014 2:34:34 PM 2092 (0x082C)
    GetTsRegValue() failed. 0x80070002. TSManager 1/2/2014 2:34:34 PM 2092 (0x082C)
    ReleaseRequest failed with error code 0x80004005 TSManager 1/2/2014 2:34:34 PM 2092 (0x082C)
    RegQueryValueExW failed for Software\Microsoft\SMS\Task Sequence, SMSTSEndProgram OSDSetupHook 1/2/2014 2:34:35 PM 360 (0x0168)
    GetTsRegValue() failed. 0x80070002. OSDSetupHook 1/2/2014 2:34:35 PM 360 (0x0168)
    2. We are not using MDT in our environment so I can't use the add features and roles option.
    3. The script is running fine when we run it manually.
