SCCM Current Branch What’s changed

https://technet.microsoft.com/en-us/library/mt622084.aspx

System Center Configuration Manager current branch introduces important changes from System Center 2012 Configuration Manager. The information in this topic identifies the more significant changes and new capabilities found in the baseline version 1511 of System Center Configuration Manager. To learn about additional changes that are introduced in subsequent updates for System Center Configuration Manager, see What’s new in System Center Configuration Manager incremental versions.

The December 2015 release of System Center Configuration Manager (version 1511), is the latest product release of Configuration Manager from Microsoft. It is tpically referred to as System Center Configuration Manager current branch. Current branch indicates this is a version that supports incremental updates to the product and can be an important distinction between this and past releases of Configuration Manager.

With this release System Center Configuration Manager:

  • Does not use a year or product identifier in the product name, as seen with past versions like Configuration Manager 2007 or System Center 2012 Configuration Manager.
  • Supports incremental in-product updates, also called update versions. The iniital release is version 1511. Subsequent versions are released several times a year as in-console updates, like version 1602 or 1606.

In-console updates for Configuration Manager

System Center Configuration Manager uses an in-console service method called Updates and Servicing that makes it easy to locate and then install recommended updates for Configuration Manager.

Some versions are only available as updates for existing sites (from within the Configuration Manager console), and cannot be used to install new Configuration Manager sites. For example, the 1602 update is only available from within the Configuration Manager console and is used to update a site that runs a baseline version of 1511 to version 1602.

Periodically, an update version will also be released as a new baseline version (like udpate 1606) which can be used to install a new hierarchy wihtout the need to start with an older baseline version (like 1511) and upgrade your way to the most current version.

For more information about using updates, see Updates for System Center Configuration Manager

Service connection point replaces Microsoft Intune connector

The Microsoft Intune connecter is replaced by a new site system role that enables additional functionality, the service connection point. The service connection point:

  • Replaces the Microsoft Intune connector when you integrate Intune with System Center Configuration Manager On-premises Mobile Device Management
  • Is used as a point of contact for devices you manage with
  • Uploads usage data about your deployment to the Microsoft cloud service
  • Makes updates that apply to your deployment available from within the Configuration Manager console

This site system role supports both an online and offline mode of operation that can affect its additional use. For more information see About the service connection point in System Center Configuration Manager.

Usage data collection

System Center Configuration Manager collects usage data about your sites and infrastructure. This information is compiled and submitted to the Microsoft cloud service by the service connection point (a new site system role) and is required to enable Configuration Manager to download updates for your deployment that apply to the version of Configuration Manager you use. When you configure the service connection point you can configure both the level of data that is collected, and whether this is submitted automatically (online mode) or manually (offline mode).

For more information see Usage data levels and settings.

Support for Intel Active Management Technology (AMT)

With System Center Configuration Manager, native support for AMT-based computers from within the Configuration Manager console has been removed.

  • AMT-based computers remain fully managed when you use the Intel SCS Add-on for Microsoft System Center Configuration Manager
  • Use of the add-on provides you access to the latest capabilities to manage AMT while removing limitations introduced until Configuration Manager could incorporate those changes
  • Out of Band Management in System Center 2012 Configuration Manager is not affected by this change

The removal of integrated AMT for System Center Configuration Manager includes:

  • The Out of Band Management point site system role is no longer used nor available

Deprecated functionality

With System Center Configuration Manager, some capabilities, like native Support for Intel Active Management Technology (AMT) based-computers is removed from the Configuration Manager console, while other capabilities like Network Access Protection are removed entirely. Additionally, some older Microsoft products like Windows Vista, Windows Server 2008, and SQL Server 2008, are no longer supported.

For a list of deprecated features, see Removed and deprecated features for System Center Configuration Manager

For details about supported products, operating systems, and configurations, see Supported configurations for System Center Configuration Manager

Client deployment

System Center Configuration Manager introduces a new capability for testing new versions of the Configuration Manager client before upgrading the rest of site with the new software. This new capability gives you the opportunity to set up a preproduction collection in which to pilot a new client. Once you are satisfied with the new client software in preproduction, you can promote the client to automatically upgrade the rest of the site with the new version.

For more information on how to test clients, see How to test client upgrades in a preproduction collection in System Center Configuration Manager

Operating system deployment

  • A new task sequence type is available in the Create Task Sequence Wizard, Upgrade an operating system from upgrade package, that creates the steps to upgrade computers from Windows 7, Windows 8, or Windows 8.1 to Windows 10. For more information, see Upgrade Windows to the latest version with System Center Configuration Manager.
  • Windows PE Peer Cache is now available when you deploy operating systems. Computers that run a task sequence to deploy an operating system can use Windows PE Peer Cache to obtain content from a local peer (a peer cache source) instead of downloading content from a distribution point. This helps minimize wide area network (WAN) traffic in branch office scenarios where there is no local distribution point. For more information, see Prepare Windows PE peer cache to reduce WAN traffic in System Center Configuration Manager.
  • You can now view the state of Windows as a Service in your environment, create servicing plans to form deployment rings and ensure that Windows 10 current branch computers are kept up to date when new builds are released, and view alerts when Windows 10 clients are near end of support for their build of Current Branch (CB) or Current Branch for Business (CBB). For more information, see Manage Windows as a service using System Center Configuration Manager.

Application management

  • System Center Configuration Manager lets you deploy Universal Windows Platform (UWP) apps for devices running Windows 10 and later. See Creating Windows applications with System Center Configuration Manager.
  • Software Center has a new, modern look and apps that previously only appeared in the Application Catalog (user-available apps) now appear in Software Center under the Applications tab. This makes these deployments more discoverable to users and removes the need for them to use the Application Catalog. Additionally, a Silverlight enabled browser is no longer required. See Plan for and configure application management in System Center Configuration Manager.
  • The new Windows Installer through MDM application type lets you create and deploy Windows Installer-based apps to enrolled PCs that run Windows 10. See Creating Windows applications with System Center Configuration Manager.
  • When you create an application for an in-house iOS app you only need to specify the installer (.ipa) file for the app. You no longer need to specify a corresponding property list (.plist) file. See Creating iOS applications with System Center Configuration Manager.
  • In Configuration Manager 2012, to specify a link to an app in the Windows Store, you could either specify the link directly, or browse to a remote computer that had the app installed. In System Center Configuration Manager, you can still enter the link directly, but now, instead of browsing to a reference computer, you can now browse the store for the app directly from the Configuration Manager console.

Software updates

  • System Center Configuration Manager now has the ability to differentiate a Windows 10 computer that connects to Windows Update for Business (WUfB) for software update management versus the computers connected to WSUS for software update management. The UseWUServer attribute is new and specifies whether the computer is manage with WUfB. You can use this setting in a collection to remove these computers from software update management. For more information, see Integration with Windows Update for Business in Windows 10.
  • You can now schedule and run the WSUS clean up task from the Configuration Manager console. You can now manually run the WSUS cleanup task from in Software Update Point Component properties. When you select to run the WSUS cleanup task, it will run at the next software updates synchronization. The expired software updates will be set to a status of declined on the WSUS server and the Windows Update Agent on computers will no longer scan these software updates. For more information, see Schedule and run the WSUS clean up task.

Compliance settings

  • System Center Configuration Manager introduces an improved workflow for creating configuration items. Now, when you create a configuration item, and select supported platforms, only the settings relevant to that platform are available. See Get started with compliance settings in System Center Configuration Manager.
  • The create configuration item wizard now makes it easier to choose the configuration item type you want to create. Additionally, new and updated configuration items are available for:
    • Windows 10 devices managed with the Configuration Manager client
    • Mac OS X devices managed with the Configuration Manager client
    • Windows desktop and server computers managed with the Configuration Manager client
    • Windows 8.1 and Windows 10 devices managed without the Configuration Manager client
    • Windows Phone devices managed without the Configuration Manager client
    • iOS and Mac OS X devices managed without the Configuration Manager client
    • Android and Samsung KNOX devices managed without the Configuration Manager client

See How to create configuration items in System Center Configuration Manager.

Protect data and site infrastructure

  • System Center Configuration Manager lets you integrate with Windows Hello for Business (formerly Microsoft Passport for Work) which is an alternative sign-in method that uses Active Directory, or an Azure Active Directory account to replace a password, smart card, or virtual smart card on devices running Windows 10. See Windows Hello for Business settings in System Center Configuration Manager.

Mobile device management with Microsoft Intune

System Center Configuration Manager introduces improvements to the mobile device management experience including:

  • Limit the number of devices a user can enroll
  • Specify terms and conditions users of the Company Portal must accept before accept before they can enroll or use the app
  • Added an device enrollment manager role to help manage large numbers of devices

For more information about mobile device management capabilities with Configuration Manager and Intune, see Hybrid mobile device management (MDM) with System Center Configuration Manager and Microsoft Intune.

On-premises Mobile Device Management

With System Center Configuration Manager you can now manage mobile devices using on-premises Configuration Manager infrastructure. All device management and management data is handled on-premises and is not part of Microsoft Intune or other cloud services. This type of device management doesn’t require client software since the capabilities that Configuration Manager uses to manage the devices are built into the device operating systems.

 

SCCM Task Sequence Client Logfiles

Below are the locations the log file will be in depending on what stage the TS is at:

During OS Deployment

Before your hard drive is formatted and partitioned

X:\windows\temp\smstslog\
After your hard drive is partitioned formatted

X:\smstslog\ and then is in C:\_SMSTaskSequence\logs\smstslog\


Within Windows

Within Windows before the SCCM agent is installed:

C:\_SMSTaskSequence\logs\smstslog\

 

Within Windows after the SCCM agent installed:
C:\windows\system32\ccm\logs\smstslog\

 

When the Task Sequence completes on a x86

C:\windows\system32\ccm\logs\


For x64 Systems

C:\windows\SysWOW64\ccm\logs\
You will need to enable your boot.wim with f8 support to retrieve the log if it bombs out before apply OS stage so that you can bring up the command prompt and copy the log to a share on the network.

 

SCCM WMI Query

The following WMI queries can be used as inspiration when working with driveres and other OS Deployment stuff…

IMPORTANT: If you copy/paste these queries, you might need to replace the quotes, as they often change format when you copy them from a website.

Dell | Hewlett-Packard | Lenovo | Microsoft | VMWare | Operating System

Dell

Manufacturer is Dell:
SELECT * FROM Win32_ComputerSystem WHERE Manufacturer LIKE “%Dell%”

Models from Dell:
SELECT * FROM Win32_ComputerSystem WHERE Model LIKE “%Latitude E7440%”
SELECT * FROM Win32_ComputerSystem WHERE Model LIKE “%Optiplex 990%”
SELECT * FROM Win32_ComputerSystem WHERE Model LIKE “%Precision M6800%”
SELECT * FROM Win32_ComputerSystem WHERE Model LIKE “%Venue 11 Pro 7130%”

Hewlett-Packard

Manufacturer is Hewlett-Packard:
SELECT * FROM Win32_ComputerSystem WHERE Manufacturer LIKE “%Hewlett-Packard%”

Models from Hewlett-Packard:
SELECT * FROM Win32_ComputerSystem WHERE Model LIKE “%HP EliteBook 8540p%”
SELECT * FROM Win32_ComputerSystem WHERE Model LIKE “%HP EliteBook 8560w%”
SELECT * FROM Win32_ComputerSystem WHERE Model LIKE “%ElitePad 1000%”

Lenovo

Manufacturer is Lenovo:
SELECT * FROM Win32_ComputerSystem WHERE Manufacturer LIKE “%Lenovo%”

Models from Lenovo:
SELECT * FROM Win32_ComputerSystemProduct WHERE Version LIKE “%ThinkPad T420%”
SELECT * FROM Win32_ComputerSystemProduct WHERE Version LIKE “%ThinkPad W520%”
SELECT * FROM Win32_ComputerSystemProduct WHERE Version LIKE “%ThinkPad Edge E330%”
SELECT * FROM Win32_ComputerSystemProduct WHERE Version LIKE “%ThinkPad Tablet 2%”

Microsoft Hyper-V

SELECT * FROM Win32_ComputerSystem WHERE Manufacturer LIKE “%Microsoft Corporation%” AND Model LIKE “%Virtual Machine%”

VMWare

SELECT * FROM Win32_ComputerSystem WHERE Manufacturer LIKE “%VMware%” AND Model LIKE “%VMware Virtual Platform%”

Operating System (Windows)

Determine 32 or 64-bit Operating System:
SELECT * FROM Win32_ComputerSystem WHERE SystemType LIKE “%x64-based PC%”
SELECT * FROM Win32_ComputerSystem WHERE SystemType LIKE “%x86-based PC%”

Determine Operating System version:
SELECT * FROM WIN32_OperatingSystem WHERE Version LIKE “6.1%”
SELECT * FROM WIN32_OperatingSystem WHERE Version LIKE “6.3%”

Usefull Commands

wmic baseboard get product
wmic csproduct get name
wmic csproduct get vendor, version
wmic computersystem get model,name,manufacturer,systemtype

Thanks to; http://www.ronnipedersen.com/wmi-query/

SCCM Versions

SCCM Versions

https://www.systemcenterdudes.com/sccm-2012-version-numbers/

Release Version Build Download
SCCM 2012 RTM 5.00.7711.0000 7711 N/A
SCCM 2012 RTM – CU1 5.00.7711.0200 7711 KB2717295
SCCM 2012 RTM – CU2 5.00.7711.0301 7711 KB2780664
SCCM 2012 SP1 5.00.7804.1000 7804 N/A
SCCM 2012 SP1 – CU1 5.00.7804.1202 7804 KB2817245
SCCM 2012 SP1 – CU2 5.00.7804.1300 7804 KB2854009
SCCM 2012 SP1 – CU3 5.00.7804.1400 7804 KB2882125
SCCM 2012 SP1 – CU4 5.00.7804.1500 7804 KB2922875
SCCM 2012 SP1 – CU5 5.00.7804.1600 7804 KB2978017
SCCM 2012 R2 5.00.7958.1000 7958 N/A
SCCM 2012 R2 – CU1 5.00.7958.1203 7958 KB2938441
SCCM 2012 R2 – CU2 5.00.7958.1303 7958 KB2970177
SCCM 2012 R2 – CU3 5.00.7958.1401 7958 KB2994331
SCCM 2012 R2 – CU4 5.00.7958.1501 7958 KB3026739
SCCM 2012 R2 – CU5 5.00.7958.1604 7958 KB3054451
SCCM 2012 R2 SP1 5.00.8239.1000 8239 N/A
SCCM 2012 R2 SP1 – CU1 5.00.8239.1203 8239 KB3074857
SCCM 2012 R2 SP1 – CU2 5.00.8239.1301 8239 KB3100144
SCCM 2012 R2 SP1 – CU3 5.00.8239.1403 8239 KB3135680
SCCM 1511 (Current Branch) 5.00.8325.1000 8325 N/A
SCCM 1602 (Current Branch) 5.00.8355.1000 8355 N/A

Update 160X for System Center Configuration Manager is an update that is available as an in-console for previously installed sites that run version 1511 or 1602. Version 1511 is the initial baseline version you use to install new Configuration Manager sites.
https://technet.microsoft.com/en-us/library/mt757350.aspx

System Center Configuration Manager uses an in-console Updates and Servicing process that makes it easy to discover and install Configuration Manager updates. This means no more service packs or cumulative update versions to track, or searching for the download of the most recent release or updates.

Instead, to update the product to a new version of the current branch you use the Configuration Manager console to find and then Install in-console updates for System Center Configuration Manager. A few times each year new versions release that include product updates. Each release can also introduce new features.

When you install an update with new features you can choose to use (or not use) those features in your deployment. Different update versions are identified by year and month numbers like 1511, which identifies November 2015 (the month when System Center Configuration Manager was first released to manufacturing). Later updates, beginning in 2016, have version names like 1602, which indicates an update that was created in February of 2016.

These update versions are key to understanding the incremental version of your System Center Configuration Manager installation, and what features you might have available to enable in your deployment.

The initial release of System Center Configuration Manager current branch is also referred to as version 1511. Since this initial release additional updates are available. Use the following links to discover what’s new with each version

Once you apply a cumulative update, your SCCM 2012 version on the site server itself will not change. The site server will show the latest major SCCM release (RTM,SP1,R2). However the new SCCM 2012 version numbers will show on your Consoles and Clients.

A simple way to verify the application of CU1 is to snoop the following registry location:Open the ConfigMgr console

1. Browse to Administration > Site Configuration > Sites
2. Right-click on the site you need information for, and selectProperties
3. You’ll find the site version and build number here

HKLM\SOFTWARE\Microsoft\SMS\Setup
Here we can find a Key nameCULevel with a value of the CU applied which will indicate the CU level, in this case CU1.

Console:
Once the console has been upgraded you will find that in Programs and Features the console is still listed at5.00.7804.1000 or SP1 prior to CU1.

When checking out ‘About Configuration Manager’ however, you will find that the console version has been incremented to Version 5.0.7804.1202 (SP1 CU1).

Furthermore the file Microsoft.ConfigurationManagement.exe found in the AdminConsole\bin folder will be versioned to 5.0.7804.1202 (SP1 CU1).

Inventory data (software) on this file is going to be a decent indicator of console versioning if using a collection query to upgrade a set of deployed console.

Client:
Finally the client is straight forward, once upgraded, the client version will be incremented to 5.00.7804.1202or that of SP1 CU1.

A simple collection query will produce all clients that have not received the update, which you can then use for deployment targeting (taking into account x86, x64).

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.ClientVersion < “5.00.7804.1202”

Monitoring Task Sequence Deployment

For more detail monitoring of the Task Sequence Deployment we can use the Status Message Queries in SCCM

Use the query below and change the AttributeValue (Task Sequence ID) and the SiteCode to your needs.

select stat.*, ins.*, att1.*, att1.AttributeTime from SMS_StatusMessage as stat left join SMS_StatMsgInsStrings as ins on stat.RecordID = ins.RecordID left join SMS_StatMsgAttributes as att1 on stat.RecordID = att1.RecordID inner join SMS_StatMsgAttributes as att2 on stat.RecordID = att2.RecordID where att2.AttributeID = 401 and att2.AttributeValue = “cs1205eeand stat.SiteCode = “PS1and att2.AttributeTime >= ##PRM:SMS_StatMsgAttributes.AttributeTime## order by att1.AttributeTime desc

Screenshot of the query:
StatusMessageQuery2

Show Messages:
StatusMessageQuery

The hash value is not correct

Source: SMS Client
Component:Task Sequence Engine
Message ID: 11135
Error: The hash value is not correct

Screenshot:
hashvalue

Description:
The task sequence execution engine failed executing the action (Apply Driver Package BX920 S4) in the group (Apply Driver Package) with the error code 2148077575 
Action output: … tion, dwFlags, L””, 0, dwPackageFlags, mapNetworkAccess ), HRESULT=80091007 (e:\qfe\nts\sms\framework\tscore\resolvesource.cpp,3052) 
DownloadContentLocally (pszSource, sSourceDirectory, dwFlags, hUserToken, mapNetworkAccess), HRESULT=80091007 (e:\qfe\nts\sms\framework\tscore\resolvesource.cpp,3273) 
TS::Utility::ResolveSource( pszPackageId, sSource ), HRESULT=80091007 (e:\nts_sccm_release\sms\client\osdeployment\osddriverclient\driverinstaller.cpp,472) 
pDriverInstaller->InstallDriverPackage( sPackageId, pBootCriticalInfo ), HRESULT=80091007 (e:\nts_sccm_release\sms\client\osdeployment\osddriverclient\osddriverclient.cpp,380) 
Exiting with return code 0x80091007 
Hash could not be matched for the downloded content. Original ContentHash = 744A5495442FB54F8EF9D1697946E545D977BF1696CD6DCA494AD36D32B29BD6, Downloaded ContentHash = 05062877E96ACF8D5D9C5653885F44A848DB40977160F73FB9448CF38CE16127 
Failed to determine the driver source location. Code 0x80091007 
Failed to provision driver. Code 0x80091007. The operating system reported error 2148077575: The hash value is not correct.

Solution:
Update distribution points
Be careful opening the DP directory in windows explorer, it may create desktop.ini files or thumbnail files which then make the hash invalid.

Implementing Endpoint Protection in Microsoft System Center 2012 R2 Configuration Manager

System Center 2012 R2 Configuration Manager has just been released. With it is a new version of System Center 2012 R2 Endpoint Protection. The Endpoint Protection feature is very similar to that from System Center 2012 Configuration Manager SP1. However if you are new to Configuration Manager, you will want to take this lab to gain experience in implementing System Center 2012 R2 Configuration Manager with Endpoint Protection in an isolated environment.

1 2