Using the pre-configured SCCM 2012 SP1 endpoint protection templates for Exchange 2010?

Similar Messages

• Integrating SCCM 2012 SP1 Endpoint Protection Manager with SIEM

  Team,
  Does anyone know how to expose the central SCCM antimalware reporting data to external sources?  I would like to take all centrally collated security events and load the data into Arcsight express, e.g. client malware detection events.  Are all
  client security events logged in a file on the SCCM server before being copied to the SQL database?  Or do I have to read a SQL table to get this information?  Any help greatly appreciated.
  Cheers
  Rod

  Hi,
  You will have to read that from the ConfigMgr database views, start by having a look a the SCCM_EXT.vex_EP_AntimalwareInfectionStatus view.
  Regards,
  Jörgen
  -- My System Center blog ccmexec.com -- Twitter
  @ccmexec

• Deploying Office 365 Pro Plus using System Center Configuration Manager 2012 SP1

  Hello,
  I am trying to deploy Office 365 Pro Plus to my client machines (more than 100) via. System Center Configuration Manager 2012 SP1. It will use one administrator account for installation. But as per the licensing, we can install Office for up to 5 PCs/Macs
  and 5 more Windows tablets/iPads with one Office 365 Pro Plus licenses. If this is the case, then I cannot install Office 365 Pro Plus with one admin account to my 100+ machines, as it will violate the licenses of O365 Pro Plus.   
  So, what is the alternative approach?
  Thanks
  Raj

  If this is the case, then I cannot install Office 365 Pro Plus with one admin account to my 100+ machines, as it will violate the licenses of O365 Pro Plus.
  Hi,
  this is incorrect.
  There is no licensing restriction/control for the *installation* account at all, the licensing is related to who is *using* Office365ProPlus *after* installation is performed. This control, is implemented by the Microsoft Account, or OrgID, used to sign-in/activate
  to Office365 when *using* Office365ProPlus.
  Don
  (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
  This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

• How Does Configuration Manager 2012 R2 Endpoint Protection Stack Up to the Competition (Bit9, Symantec, McAfee, etc.)?

  I have a client in the financial services sector that owns System Center 2012 R2 (just Operations Manager 2012 R2 deployed so far) that is being courted by Bit9 for its "superior" endpoint protection. Can anyone point me to some credible resources
  for comparing Microsoft's Endpoint Protection (component of Configuration Manager 2012 R2) to the competition (Bit9, Symantec, McAfee, etc.)?
  If Microsoft's Endpoint Protection is "good enough" (and has a credible long term product roadmap), it probably makes sense to deploy that since it has already been purchased/licensed.  Any feedback is much appreciated.
  Thanks in advance.
  Bill Thacker

  Check out this page :
  http://www.microsoft.com/security/portal/mmpc/research/awards-and-certifications.aspx
  Under "Highlight" 
  There are many awards and certification programs across the IT security industry. Detailed below are some of the most widely recognized programs and testing
  bodies.
  Benoit Lecours | Blog: System Center Dudes

• Any Limits to using BranchCache with Configuration Manager 2012 SP1 or R2

  Have a client looking to leverage the Branchcache feature in their office locations, over 1000 with numbers ranging from 2 - 40 in size.  There would be 2 - 4 central Primary distribution points servicing these clients in the 1000+ offices.
  Do I need to look at requesting them to make changes to their design to have more distribution points to allow more branchcache clients to connect, are there any limitations?
  I am aware the content is un managed (self managed no control) so the distributions may go over the links more then once.
  Also aware that this would autoset a branchcache on each subnet even though it is a single location, but has multiple subnets.
  Thanks,

  Have a read about our BranchCache addons after reading our FAQ, for others just wanting some info:
  1. Yes the servers needs to have the same key to ensure that hashes are compatible for all servers (i.e. the same)
  2. Reporting will show how efficient it is:
  http://2pintsoftware.com/portfolio-items/branchcache-reporting/?portfolioID=10528
  3. Yes its per Subnet

• SCCM 2012 R2 - Endpoint Protection is greyed out

  Somehow the Endpoint Protection menu is greyed out for me. It was setup and we use it to do a quick scan on user's machine when needed. All of the sudden, it's being greyed out. Does anyone knows how to fix this problem?

  Hi,
  Have you seen this thread?
  Right click on a server endpoint greyed out
  http://social.technet.microsoft.com/Forums/en-US/efe34496-8cf2-4fe7-9074-83221bf8bf9e/right-click-on-a-server-endpoint-greyed-out?forum=configmanagersecurity
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• How to convert Unmanaged SCEP clients to Managed in SCCM 2012 SP1

  We recently started installing SCEP clients from the .exe and a preconfigured .xml file to client machines in a domain setting.  This was done from a USB drive, going from machine to machine, with a  .bat file.
  This was a stop-gap until we were able to install and configure SCCM 2012 SP1.
  PCs that already had the SCEP client (prior to SCCM coming into production) are showing up as unmanaged.  PCs that have had SCCM install SCEP all are listed as managed.
  I've searched, but have yet to find a definitive answer as to how get the manually installed SCEP clients to register as managed in SCCM.
  AD Domain with WIN 2008 R2 DC, SQL 2012 Standard, SCCM 2012 SP1

  Also, make sure the Endpoint Protection Point is installed properly on SCCM and the Client Setting for SCEP is enabled.
  Juke Chou
  TechNet Community Support

• How to configure SNMP on all managed client using SCCM 2012 SP1

  hi ,
  do you know  How to configure SNMP on all managed client using SCCM 2012 SP1?

  As a side note, I made an interesting discovery last week: the SNMP Service is deprecated in Windows Server 2012. Why would you want to use SNMP on an actual Windows OS though? There are far better ways available to monitor Windows. I'm sure that lines
  up with why they deprecated it.
  Jason | http://blog.configmgrftw.com

• Declaring an SCCM 2012 SP1 server as the "Publishing Server" for App-V 5 SP2

  Good morning everyone.
  I'm trying to virtualize Adobe Flash 10.3 for IE.  That's beside the point but I wanted to mention my ultimate goal.
  Sparing you all the App-V stuff I have to go through there's one obstacle that is hindering me at this point.
  I've converted completely to CM 2012 SP1 for my App-V deployment functions but find myself needing to specify our main CM server as the "AppVPublishingServer".  The ultimate goal here is to set the virtual app attribute of "IsPublishedGlobally"
  to TRUE.  I need to refer to the Publishing Server's URL in order to use the PoSH command "Set-AppVpublishingserver" to manipulate the "Global" parameters.
  Do any of you know how to configure this attrib through CM, or, how to declare the CM server as a Publishing Server (in App-V's eyes)?
  Thanks very much.
  IAmStrings

  Hello,
  If using SCCM and the App-V 5 integration, you can never configure a publishing server.
  Read this whitepaper for the full-story;
  http://blogs.technet.com/b/virtualvibes/archive/2013/04/22/sccm-2012-sp1-and-app-v-5-0-documentation.aspx
  It contains step-by-step instructions on howto use the integration.
  Nicke Källén | The Knack| Twitter:
  @Znackattack

• How to Custom Report using sql server report builder for SCCM 2012 SP1

  Hi ,
  I am new to database, if i want to create a manual report using sql server report builder for SCCM 2012 SP1, what step should i take.
  i want to create a report in which computer name, total disk space, physical disk serial no come together. i already added class (physical disk serial no.) in hardware inventory classes. refer snapshot

  Hi,
  Here is a guide on how to create custom reports in Configuration Manager 2012, it is a great place to start, change to the data you want to display instead.
  http://sccmgeekdiary.wordpress.com/2012/10/29/sccm-2012-reporting-for-dummies-creating-your-own-ssrs-reports/
  Regards,
  Jörgen
  -- My System Center blog ccmexec.com -- Twitter
  @ccmexec

• SCCM 2012 SP1 - Offline Servicing failure - Failed to find or access the update binaries to be applied on the image

  Hi there
  Trying to patch a new Windows 7 SP1 image within SCCM 2012 SP1, but it's failing.
  I've searched for information on the failure messages I am seeing, but although there is a LOT of information online concerning Offline Servicing failures, I can't find anything on the errors I am seeing.
  I've tried injecting a single update, five updates and ten updates, no difference, same messages.
  We have McAfee Access Protection disabled, as we know Offline Servicing simply won't work if this is running.
  In the console, in Schedule Update Status for the image I am trying to update, the following message is shown:
  "Failed to find or access the update binaries to be applied on the image."
  That sounds as if the process can't find the actual .cab file for any update I've tried to inject, but I don't know why it wouldn't be able to do that, we have Software Updates configured and the .cab files are on the same server.
  When I looked at the OfflineServicingMgr.log file, I see the following entries:
  Processing image at index 1        SMS_OFFLINE_SERVICING_MANAGER        14/06/2014 14:52:49        8272 (0x2050)
  Mounting image at index 1. Image file='D:\ConfigMgr_OfflineImageServicing\PackageID\W7_Image.wim', MountDirectory='D:\ConfigMgr_OfflineImageServicing\PackageID\ImageMountDir', ImageFileType='WIM', Mode='ReadWrite'        SMS_OFFLINE_SERVICING_MANAGER       
  14/06/2014 14:52:49        8272 (0x2050)
  Image OS information : MajorVersionMS = 6, MinorVersionMS = 1, MajorVersionLS = 7601, MinorVersionLS = 17514        SMS_OFFLINE_SERVICING_MANAGER        14/06/2014 14:53:31       
  8272 (0x2050)
  Failed to find properties of file 4        SMS_OFFLINE_SERVICING_MANAGER        14/06/2014 14:53:31        8272 (0x2050)
  UnMounting Image (Commit Changes = 0) ...        SMS_OFFLINE_SERVICING_MANAGER        14/06/2014 14:53:31        8272 (0x2050)
  Completed processing image package PackageID. Status = Failed        SMS_OFFLINE_SERVICING_MANAGER        14/06/2014 14:54:04        8272 (0x2050)
  Updated history for image package PackageID in the database        SMS_OFFLINE_SERVICING_MANAGER        14/06/2014 14:54:04        8272 (0x2050)
  Schedule processing failed        SMS_OFFLINE_SERVICING_MANAGER        14/06/2014 14:54:04        8272 (0x2050)
  Processing completed for Schedule with ID 16777237        SMS_OFFLINE_SERVICING_MANAGER        14/06/2014 14:54:04        8272 (0x2050)
  STATMSG: ID=7910 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_OFFLINE_SERVICING_MANAGER" SYS=SCCMServer.domain SITE=Site_Code PID=8560 TID=8272 GMTDATE=Sat Jun 14 13:54:04.964 2014 ISTR0="16777237" ISTR1="" ISTR2=""
  ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0        SMS_OFFLINE_SERVICING_MANAGER       
  14/06/2014 14:54:04        8272 (0x2050)
  Schedule processing thread stopped        SMS_OFFLINE_SERVICING_MANAGER        14/06/2014 14:54:05        8272 (0x2050)
  I'm not sure what file "Failed to find properties of file 4" is referring to, whether dism.exe, an update or the image itself, but immediately after this message appears the image is unmounted. After that this message shows:
  "Completed processing image package PackageID. Status = Failed"
  As I say, there's a lot of information available re Offline Servicing but I haven't found anything with these particular messages.
  If anyone has encountered this before, I'd appreciate any information you have.
  Regards,
  John.

  Hi,
  I think file named 'NO_SMS_ON_DRIVE.SMS’ might be causing this issue. If this file is present in logical drives, then please give it a shot one more time after deleting this file from the logical drives.
  Due to this file, it might be preventing 'smsexec' service to skip the drive when looking for content. So worth a try!
  After deleting this file, you also need to restart 'smsexec' service to reflect the changes. You can also verify from below registry value & ensure that all of your logical drives (specially where SCCMContentLib directory resides) should be listed
  over there 
  'HKLM\Software\Microsoft\SMS\DP\ContentLibUsableDrives'
  Hope this will help!
  Cheers | Navdeep Sidhu

• SCCM 2012 SP1 - OS Deployment - hash could not be matched for the downloded content

  I've got a newly deployed SCCM 2012 SP1 running on Windows Server 2012. The W2K12 runs as vm on ESX 5.1. I'm having very odd issues with OS deployment. The TS keeps failing when processing SCCM client installation - it downloads the package but then it fails
  straight away with the 80091007 - hash values couldn't be matched error - some extract from smsts.log attached below. It's very consistent, it happens every time - it downloads and applies the image fine straight after that it bombs out.
  What is very interesting is that it works perfectly fine when I deploy vms (on the same or different host) - the issue seems to be be only affecting physical machines (laptops desktops). This might suggest some network issues (vSwitch with Cisco switches) but
  the config on the switch is very simple and this shouldn't be the case.
  I had a few virtualised SCCM 2007 installations (ESX 5 and 4) and it always worked with no problems.
  I tried to recreate the package (changing source directory), turn binary differential replication on and off, copy the content of the package to the dist point or not copy. Push client installation (or other package deployments) work fine
  When I tried to deploy with no download - sometimes it works but most of the time I'd get the files/folder corrupt error (can't remember the No)
  This is starting to drive me crazy - There are some significant changes in the way SCCM 2012 is validating package integrity (like Content Lib folder) but the consistency of this problem is just very odd.
  Anyone has any clues?
  thanks
   - Downloaded file from http://GTKVMGMT05.GTK.LOC...m?/x64/wic_x64_enu.exe to C:\_SMSTaskSequence\Packages\GTK0000C\x64/wic_x64_enu.exe 
   - Download done setting progress bar to 100
  VerifyContentHash: Hash algorithm is 32780
  c:\_smstasksequence\packages\GTK0000c\i386 is a directory. Setting directory security
  c:\_smstasksequence\packages\GTK0000c\x64 is a directory. Setting directory security
   - Hash could not be matched for the downloded content. Original ContentHash = 5EF3A189C48F3469440A83026EC8ECD36EAD6EAF3B5D35663F8201BDE175413C, Downloaded ContentHash = FA4516EDD2D7907F8FA472A3E1B717DF2DD4A0976CD4CEAE11045EE62EC8C661
  0L == TS::Utility::VerifyPackageHash(pszContentID, sDestination), HRESULT=80091007 (e:\nts_sccm_release\sms\framework\tscore\resolvesource.cpp,2999)
   - DownloadContentAndVerifyHash(pszPackageID, L"SMSPackage", saHttpContentSources, saSMBContentSources, saMulticastContentSources, sDestination, dwFlags, L"", 0, dwPackageFlags, pszUserName, pszUserPassword ), HRESULT=80091007 (e:\nts_sccm_release\sms\framework\tscore\resolvesource.cpp,3106)
   - DownloadContentLocally(pszSource, sSourceDirectory, dwFlags, hUserToken, pszUserName, pszUserPassword), HRESULT=80091007 (e:\nts_sccm_release\sms\framework\tscore\resolvesource.cpp,3331)
  ResolveSource(pszSource, sSourceDirectory, dwFlags, 0, 0, 0), HRESULT=80091007 (e:\nts_sccm_release\sms\framework\tscore\resolvesource.cpp,3221)
  TS::Utility::ResolveSource(sClientPackageID, sClientPackagePath), HRESULT=80091007 (e:\nts_sccm_release\sms\client\osdeployment\osdgina\basesetuphook.cpp,1655)
   - Failed to resolve package source "GTK0000C"
   - Exiting ConfigureEx: 0x80091007
   - BaseSetupHook::configure(sWindowsDir), HRESULT=80091007 (e:\nts_sccm_release\sms\client\osdeployment\osdgina\osdsetuphook.cpp,292)
   - Failed to configure OSD setup hook (0x80091007)
   - Failed to configure OSD setup hook (0x80091007)

  is this the only indication of a problem in your smsts.log file ? did you apply the
  authenticode hotfix or have you
  downloaded the SP1 media after that hotfix was applied ?
  Step by Step Configuration Manager Guides >
  2012 Guides |
  2007 Guides | I'm on Twitter > ncbrady

• New SCCM 2012 client machines still getting SCCM 2012 SP1 client not the new SCCM 2012 SP1 CU3 client

  Hi,
  I've successfully (as far as I can tell) deployed SCCM 2012 SP1 CU3 and all my existing clients are showing a client version of 5.00.7804.1400.  But when I setup a new client system recently I noticed that the client version was showing 5.00.7804.1000,
  and not 5.00.7804.1400. 
  For new client systems, do I need to redeploy the packages that were created for SCCM 2012 SP1 CU3 so that the new systems get the new SCCM 2012 SP1 CU3 client? 
  Thanks,
  Nick

  Hi,
  Here's some good information to look over:
  http://sccmfaq.wordpress.com/2013/09/24/sccm-2012-include-cu-in-osd/
  I haven't followed these instructions myself, since I haven't really had any good reason to include CUs during the initial installation process. I use this method instead and I've never run into any problems:
  http://www.ronnipedersen.com/2013/06/installing-sccm-2012-sp1-cu2-quick-start-guide/
  Don't retire TechNet! -
  (Don't give up yet - 12,575+ strong and growing)

• Can I have an SCCM 2012 R2 server and a SCCM 2012 SP1 server in the same site?

  We are currently using SCCM 2012 SP1/MDT 2012 Update 1 to deploy Windows 7, and to migrate existing XP installs to Windows 7 (using the offline USMT functionality in MDT).  We are moving forward with Windows 8.1, and understand that
  we need to upgrade our SCCM infrastructure to SCCM 2012 R2/MDT 2013.  We also understand that this will cause us to lose the ability to migrate XP machines, since MDT 2013 uses a newer version of USMT that doesn’t support XP.
  What do we need to do to continue to support our XP migrations, and enable deployments of Windows 8.1?
  Can we have two SCCM servers in the same Site running different versions of SCCM? Do we need a separate site? 

  You don't explicitly need ConfigMgr 2012 R2 to support Win 8.1. SP1 CU3 will suffice although managing a few things like boot images is a little more difficult: http://blogs.technet.com/b/configmgrteam/archive/2013/10/21/how-to-enable-windows-8.1-deployment-in-sc-2012-configmgr-sp1-cu3.aspx
  You could create two separate site hierarchies, but that would be painful and involve tons of duplication. There would be other issues also if the systems are located on the same subnets and in the same AD forest.
  The best option is to get rid of XP. EOL is in less than 30 days!
  Next best is to stay on SP1 CU3 until you get rid of XP. I know that sucks, but keeping XP around is the root cause of this and many other coming issues in any organization wanting to keep it around.
  Jason | http://blog.configmgrftw.com

• Prestaged OSD using SCCM 2012 SP1 windows Partition variable is not being set

  Hello All  I need some assistance with a workaround.
  I am using a presaged task sequence created from a working network / PXE deployment TS for windows 7.
  This TS sets a variable for the OS partition called "Windows" and the value is set in the Partition Disk task.
  Problem is this value is not being read from a prestaged due to the OEMMedia condition skipping this partition and format task.
  Question is how do I get it to read and or set the value for that partition?
  From what I have found on Google this was an issue in beta of MDT but was fixed in RTM.  I am not using MDT TS but I do have it installed. Any idea if this is a known issue with SCCM 2012 sp1 TS? 
  Edit: also noticed that the variable's case is different and will not let me change it.
  Variable under format is "windows"  variable under Apply OS is "Windows"  when I change them to be the same then close and reopen they revert back to the above.  Are these variables case sensitive?
  Edit: for now I have changed it from variable to next available partition.  I tested it twice so far it seems to be using the correct partition and it remains to be called the C drive.  For now this will be my solution.

  When you say "presaged task sequence created from a working network / PXE deployment TS" are you saying this is still a network boot process? Or have you done "Create Task Sequence Media"?
  Dustin Estes - MCP
  yes when i say prestaged that is using the create task sequence media then selecting prestaged.