Category Archives: Configuraton Manager

ConfigMgr 2012 R2, Query HKLM with Hardware inventory


When you like to use a registry keys query in a ConfigMgr collection, you first have to Extend SCCM client Hardware Inventory with a Custom Attribute value.

You can do this with this description of Jyri Lehtonen.

After this you have changed the Configuration.mof en the MyInventoryExtension.mof





Now create a Collection with a query

create collection query

create collection query

Select the value of the registry key

query value

query value


the query looks like this:

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_Custom_UMCGDeployID_1_0 on SMS_G_System_Custom_UMCGDeployID_1_0.ResourceId = SMS_R_System.ResourceId where SMS_G_System_Custom_UMCGDeployID_1_0.TSVersion = “BUILD017_00”


Windows XP CSA Updates in System Center Configuration Manager 2012 R2

This guide describes how to use System Center Configuration Manager 2012 R2 to import the Windows XP CSA updates.

 Logon to the System Center configuration Manager Management point and start the Windows Explorer goto C:\CSA  
 Remove the ‘old’ files from the Payload directory. Put them in the _Archive folder  
 Remove the ‘old’ cab file from the ScanCab directory. Put them in the _Archive folder  
 Download the ‘new’ Microsoft CSA Update Payload Packages to: C:\CSA\Payload And the CAB file to: C:\CSA\ScanCab. Use a Microsoft Account to get access to the Microsoft connect site.  
 Open a CMD (as an administrator) and change directory to C:\CSA  
 Excecute the command line: Wsusimporttool.exe c:\CSA\ScanCab\CSA-WindowsXPSP3.CAB c:\CSA\Payload\ c:\CSA\WorkingDir  
Reminder: if the wsusimporttool is giving an Error “No instance of WSUS found on this server. WSUSImportTool can only be run locally on a WSUS server” use the WsusUtil from C:\Program Files\Update Services\Tools\ WsusUtil.exe csaimport c:\CSA\ScanCab\CSA-WindowsXPSP3.CAB c:\CSA\Payload
Check if the updates are presented in the database. Start WSUS admin tool and check if the Custom Support updates are added.
Start the SCCM console and goto Administration | Site Configuration | Sites en selecteer de Site kies voor Configure site components | Software Update Point.
Change the settings to do not synchronize from Microsoft Update or upstream data source. Reminder: change these settings back at the end of this procedure
Go to the tab Sync Schedule and choose a date and time which will take place in a couple of minutes.
A new product group, with the name “Windows XP SP3 custom support” will appear. Check this product group. And sync again from the tab sync schedule
Open the wsyncmgr.log to see if the sync is started and when it will be finished.
Wait till it’s finished.
Change the settings back in the Sync Settings Synchronize from Microsoft update
Start the SCCM console and goto Software Library | Software Updates | All Software Updates Click on synchronize Software Updates. Watch the wsyncmgr.log
See if the updates are visible in the SCCM console
Deploy the updates to the XP collection
Click Run Now

ConfigMgr Task Sequence with OSD Options Chooser and computer OU move

The OSD Options Chooser will display an option chooser box during OSD when a computername starts with MININT or MINWINPC (unknown computers). The user can type a computername and choose in which Active Directory OU the computer will be placed during the installation. It will set a Task Sequence variable OSDDepartment which will be used in the Task Sequence to move a computer to another OU.
When the computername doesn’t start with MININT or MINWINPC the Options Chooser won’t pup-up.

In this example the OSD Option Chooser will ask for a computer name and gives 4 computer type choices. The installation will be un-anttended and will close when the computername does NOT start with MININT or MIN-WINPC.

1. Create a source directory and place the two file with the name:
• OSDOptionsChooserv3.hta
• OpenDesktop.vbs

You can find the source at the end of this page.

2. Check the code in the: OSDOptionsChooserv3.hta

3. Check the code in the: OpenDesktop.vbs
Change the values in the .vbs

4. Create a Configuration Manager Package and deploy it to the distribution points.
BLS0122 OSD Options Chooser

5. Open the boot image and add the Optional Component:
deploy this boot image to the distribu-tion points.

6. Open a Task Sequence and add the OSD Option Chooser package right after Partitioning the disks.
This first part will show the Option Chooser for unknown computers (MININT or MINWINPC).

7. The second part will move the computer to the OU which was specified in part one.

8. Open the Options tab and ad a Task Sequence Variable OSDDepartment.

I included one zip file with the OSDOptionChooser and OpenDesktop.vbs script we used within our company.

We added extra lines to the original script:
SysVarReg.RegWrite “HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Hostname”, sTSMachineName

And added parts for setting the Task Sequence variable OSDDepartment (OU options).
We deleted some parts we didn’t need.


you can find the original OSD Options Chooser script Created by Nick Moseley at

RES Workspace manager integration in System Center Configuration Manager

you can combine the two products Microsoft System Center Configuration Manager and RES Workspace Manager with eachother.

In this example i will distribute an ConfigMgr Application (*.msi) to an Windows client and refresh the workspace when the installation is done. Users will see the icon after the refresh.

RES Workspace Manager

In RES you need to have imported an Application with a location to it’s executable and to the icon.

When you go to the settings tab check the box “hide application if executable was not found”.

System Center Configuration Manager
In our case the Application Adobe Reader X is imported using the information from the AcroRead.msi. Afterwards I change the installation to a <install>.cmd files.

Within Configuration Manager you need to create a *.cmd file for the application with the following content.
@echo off
msiexec /i “%~dp0AcroRead.msi” TRANSFORMS=”%~dp0AdobeAcrobat_Reader_10.1.3.01.mst” /qb REBOOT=REALLYSUPPRESS
msiexec /p “%~dp0AdbeRdrUpd1013.msp” /qb /lv %temp%\AdbeRdrUpd1013.msp.log

%RESPFDIR%\pwrgate.exe -2

With the pwrgate.exe -2 command line, RES Workspace Manager will refresh the workspace.

In the Deployment Type, as mentioned, I changed the properties of the installation program to the *.cmd.

Deploy the application as an Available or Required application.
Available means the user can install it from the Application Catalog. Required means the application will be installed without user intervention.

End User
The End User can start the Application Catalog and start the installation of the application.

RES Workspace Manager will refresh the workspace automatically and the icon will be shown in the Start Menu.

Installing an SSD equipped machine with the Configuration Manager Task Sequence is causing problems. #yam

We had a problem deploying new laptops / notebooks with Sollid State Disk (SSD). They just came out of the box. The vendor had them pre-installed with eg. Windows 7.

We see that there is a problem when an Operating System is distributed by System Center Configuration Manager to client computers with SSD. There is no problem Continue reading

Move a computer to a different OU within a ConfigMgr 2012 SP1 Task Sequence. #yam

In the past we used a vbs-script in a ConfigMgr Task Sequence to detect if a computer was already added to the Active Directory. If it was detected in Active Directory it was moved to a OU with less policies. In this example I will create a System Center Orchestrator (SCOrch) Runbook which will detect if a computer is already an Active Directory member, and if so it will be moved to another predefined OU.


  • A System Center Configuration Manager 2012 SP1 infrastructure.
  • A System Center Orchestrator 2012 installation.
  • The Microsoft Deployment Toolkit 2012 Update 1 integration.
  • The Active Directory Integration Pack.
  • A Nework Access Account which has “Orchestrator User” credentials.
  • An AD service account with at least Account Operators credentials.

Configure the Active Directory Integration Pack

  • Start the System Center 2012 Orchestrator Runbook Designer.
  • Go to Options and change the SCORCH Dev – Active Directory Prerequisite Configuration.
  • Click on Add and type a Name
  • fill in the UserName, Password and the Domain name of the AD Account with Account Operators credentials
  • Click Finish.

Create a new Runbook

  • Start the System Center 2012 Orchestrator Runbook Designer
  • Create a new Runbook and rename it to ConfigMgr-TS-MoveComputerToDeploy
  • Add Initialize Data
  • Add Get Object DistiguishedName
  • Add Move AD Object
  • Create two links,
    • one between Initialize Data and Get Object Distiguished Name and
    • one between Get Object Distinguished Name and Move AD Object.
  • Open the Initialize Data Properties and click on Add.
  • Dubbelclick the Parameter 1 Activity data and change the name to Computer Name.
  • Click on Finish.
  • Open the Get Object DistinguishedName Properties.
  • Select the AD Connection Credentials under the Configuration Name properties.
  • type the DomainName.
  • Right click the field next to the Object Name Properties and select Subscribe > Published Data and select the Computer Name Activity.
  • Select computer from the drop down box under the Object Class
  • Click Finsih.
  • Open the Move AD Object Properties
  • Select the AD Connection Credentials under the Configuration Name properties.
  • Right click the field next to the Source Object LDAP Path and select Subscribe > Published Data
  •  In the Published Data, select Get Object DistinguishedName, and then select Object_LDAP_Path.
  • Click OK.
  • Right click the white field next to the Destination Container OU LDAP Path
  • And fill in the LDAP path of the Destination OU. It should look something like this: LDAP://OU=Deploy,OU=SUBOU,OU=SUBOU,DC=value,DC=kamman,DC=info
  • Click Finish.

Test de Runbook

  • Start the Runbook Tester.
  • Type the name of a machine which is a Active Directory member.
  • Step through the runbook and see if the log gifs you any errors.
  • If no errors are displayed Check In this new Runbook.

Add the Runbook to the Configuration Manager Task Sequence

  • Start the System Center 2012 Configuration Manager console
  • Go to Software Library | Operating Systems | Task Sequences
  • Create a new or edit an existing Task Sequence.
  • Add the MDT 2012 Deployment Toolkit Package to the task sequence.
  • Add the MDT/Execute Runbook step and fill in the Name, Orchestrator Server and Browse to the Runbook Move Computer.
  • Select Specify explicit runbook parameters and type next to Computer Name the variable %_SMSTSMachineName%.
  • Click Apply.

#mms2013, Microsofts End-User Self-Service Portals, a User-Centric approach!

During the Microsoft Management Summit 2013 (MMS2013) I saw Microsoft is shifting from a Device-Centric to a User-Centric approach with a lot of their products. They have different product available and a some of them use an End-User Self-Service Portal. They call it the User-Centric approach.

At this moment (april 2013) I see End-User Self-Service portals for 4 System Center 2012 products and a couple of other Self-Service portal outside the System Center Suite.

System Center Service Manager Self-Service Portal

System Center App-Controller Self-Service portal

System Center Virtual Machine Manager Self-Service portal

System Center Configuration Manager has two Self-Service portals (Application Catalog and Software Center)

ConfigMgr Software Center

ConfigMgr Application Catalog

Windows Intune

Windows Intune is not a System Center product, however you can use it as an add-on in System Center ConfigMgr. Intune has it’s own selfservice portal (Windows Intune Center or the Company Portal)

Windows Intune Center

Windows Intune, Company Portal

Azure has a Self-Service portal for customers.

Service Provider Foundation has a Service Management Portal for Administrators and a separate one for the different tenants.

I do not know all Microsoft product in detail, but if you know more Microsoft Product with and End-User Self-Service Portal in it, let me know!

Personaly i think Microsoft needs something like a System Center End User Portal (SCEUP) product which can combine all End-User portals into one single pane of glass.