Hardware Inventory after SCCM OSD Task Sequence

August 4, 2017


I like using a lot of custom collections based on data from Hardware Inventory: Operating System Version, Hardware Manufacturer, Hardware Model, etc.

However to make sure the properties are available the Hardware Inventory needs to run at least once, using this information you will be able to start the hardware inventory right after the OSD task sequence completes. We will be using the Task Sequence Variable SMSTSPostAction:

Somewhere in the task sequence add “Set Task Sequence Variable” step. Give it an appropriate name and fill in the information as seen in the screenshot below:

If you want to copy/paste, here’s the value: %windir%\System32\wbem\WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule “{00000000-0000-0000-0000-000000000001}” /NOINTERACTIVE

When the task sequence completes, this action will occur.

When processing was succesfull you should see something like this in the dataldr.log (on the Configuration Manager site server)

Also locally on the computer where the task sequence was run, information can be found in the smsts.log and in the Inventoryprovider.log. Both logs located under C:\windows\ccm\logs

Hope this helps!


Best regards,






SCCM – Deploy Unknown Computers with Assettag as computername

January 5, 2017


In a recent Windows 10 deployment project (with SCCM) a customer of mine wanted to use the Serialnumber as the computername within Active Directory. The customer is using Unknown Computers so they don’t the need to import them first. Also there was the need to identify if a computer was a desktop or laptop, this was needed to make sure the computer was joined in the right OU depending of that type and to make sure Bitlocker was only applied to laptop computers.  To provide this functionality I’ve created a vbs script:

Part 1: Set Computername variable

Set objOSD = CreateObject(“Microsoft.SMS.TSEnvironment”)

Set SWBemlocator = CreateObject(“WbemScripting.SWbemLocator”)
Set objWMIService = SWBemlocator.ConnectServer(strComputer,”root\CIMV2″,UserName,Password)
Set colItems = objWMIService.ExecQuery(“Select * from Win32_SystemEnclosure”,,48)

For Each objItem in colItems
strOSDComputername = objItem.SerialNumber

objOSD(“OSDComputerName”) = strOSDComputerName

The variable OSDComputerName is a default task sequence variable. Therefore no further actions need to be taken in the task sequence to make sure it is used to name the computer.

Part 2: Set Chassis variable

Set colChassis = objWMIService.ExecQuery(“Select * from Win32_SystemEnclosure”,,48)
For Each objChassis in colChassis
    For  Each strChassisType in objChassis.ChassisTypes
        Select Case strChassisType

            Case 3
                  StrType = “Desktop”
            Case 4
                   StrType = “Desktop”
            Case 6
                   StrType = “Desktop”
            Case 7
                  StrType = “Desktop”
            Case 8
                StrType = “Laptop”
            Case 9
                 StrType = “Laptop”
            Case 10
                  StrType = “Laptop”
            Case 11
                  StrType = “Laptop”
            Case 12
                   StrType = “Laptop”
            Case 14
                  StrType = “Laptop”
            Case 15
                  StrType = “Laptop”
            Case Else
    StrType = “unknown”
            End Select

objOSD(“Chassis”) = StrType

The variable “Chassis” can now be used like any other task sequence variable to make sure certain steps only run for a laptop or desktop.

Save the above codesnippets into a vbs file and create an SCCM package containing the script.

Afterwards add a “Run Command Line” step to the task sequence, provide the package details and the following command line: cscript.exe “…vbs”

That should do the trick.

Obviously this is one solution among others, there are many other ways to accomplish the same but this seemed the easiest to me.

A little remark: When reinstalling a computer with Bitlocker enabled, make sure the Run Command Line step is located after the partition disk step, otherwise the script will fail as WMI cannot be accessed from WinPE. I’ve experienced this the hard way.

Hope this helps!


Best regards,









Add URL to customized Windows 10 Start Menu

September 1, 2016


Since more and more of our customers are adopting Windows 10 in their environment we start to learn more tricks every day.

An important component of Windows 10 is the start menu. Administrators could apply a default startmenu layout for all users by using a GPO but downside of this approach is that the user isn’t able to add any custom applications himself. That’s why I prefer to set the startlayout during the Windows 10 deployment task sequence using a Powershell script.

Afterwards the default layout is set when the user first logs in, from then on the user can edit his start menu as he likes. Adding “classical” applications such as Word, Excel and Powerpoint is quite easy as those applications are already present when the user first logs in. Adding a shortcut to a website might be a little bit harder, in this post I’ll be explaining the steps that need to be taken to accomplish this. It’s a combination of Powershell, SCCM  (also applicable for MDT) and Group Policy Preferences. Let’s get started

First of all start by customizing the start menu as you like on a test machine. The start menu I want is the one shown below. We’ll be focusing on the highlighted icon in the start menu as this is a URL, other shortcuts are applications.


When the start layout is finished, launch powershell and execute the following command to export the startlayout:

Export-Startlayout -Path “C:\windows\temp\Startlayout.xml”

The XML generated looks as follows (text in bold is related to the Citrix URL):

<LayoutModificationTemplate Version=”1″ xmlns=”http://schemas.microsoft.com/Start/2014/LayoutModification”&gt;
<LayoutOptions StartTileGroupCellWidth=”6″ />
<defaultlayout:StartLayout GroupCellWidth=”6″ xmlns:defaultlayout=”http://schemas.microsoft.com/Start/2014/FullDefaultLayout”&gt;
<start:Group Name=”Webbrowsers” xmlns:start=”http://schemas.microsoft.com/Start/2014/StartLayout”&gt;
<start:DesktopApplicationTile Size=”2×2″ Column=”0″ Row=”0″ DesktopApplicationID=”Microsoft.InternetExplorer.Default” />
<start:Group Name=”Office ” xmlns:start=”http://schemas.microsoft.com/Start/2014/StartLayout”&gt;
<start:DesktopApplicationTile Size=”2×2″ Column=”2″ Row=”0″ DesktopApplicationID=”{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Microsoft Office\Office15\WINWORD.EXE” />
<start:DesktopApplicationTile Size=”2×2″ Column=”0″ Row=”0″ DesktopApplicationID=”Microsoft.Office.OUTLOOK.EXE.15″ />
<start:DesktopApplicationTile Size=”2×2″ Column=”0″ Row=”2″ DesktopApplicationID=”{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Microsoft Office\Office15\POWERPNT.EXE” />
<start:DesktopApplicationTile Size=”2×2″ Column=”2″ Row=”2″ DesktopApplicationID=”{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Microsoft Office\Office15\EXCEL.EXE” />
<start:Group Name=”” xmlns:start=”http://schemas.microsoft.com/Start/2014/StartLayout”&gt;
<start:DesktopApplicationTile Size=”2×2″ Column=”2″ Row=”0″ DesktopApplicationID=”Microsoft.SoftwareCenter.DesktopToasts” />
<start:DesktopApplicationTile Size=”2×2″ Column=”0″ Row=”0″ DesktopApplicationID=”Microsoft.Windows.ControlPanel” />
<start:Group Name=”” xmlns:start=”http://schemas.microsoft.com/Start/2014/StartLayout”&gt;
<start:DesktopApplicationTile Size=”2×2″ Column=”0″ Row=”0″ DesktopApplicationID=”https://citrix.contoso.com&#8221; />

Now create an SCCM Package containing the XML file and a Powershell script with the following content:

Import-StartLayout -LayoutPath $PSScriptroot\StartLayout.xml -MountPath $env:systemdrive\

Now this can be executed using a Run Powershell Script during the SCCM OSD task sequence.

Without performing further actions when a user first logs in the start menu will be generated but the URL to citrix.contoso.com will not be present. To make sure it’s there we need to create a Group Policy Preference to put the exact URL in the start menu for the user. Pay close attention because the target URL specified in the GPP must EXACTLY match the value of DesktopApplicationID (without the “”)


Now when the user (for which the GPP is applied) logs on for the first time on a Windows 10 computer, the default Start layout will be applied properly and the URL will also appear.

Hope this helps!


Best regards,




Reboot notifications

May 9, 2016


Reboot notifications , we all hate to reboot. Normally the less the better but as … an admin you want to pursuade your users into rebooting the device from time to time. Keeps it healthy and running smoothly.

Now in sccm we have several options for rebooting. In this particalur case we supress the reboot for the update deployment. So the user gets notified but not forced to reboot.

Unfortunately the result was this :


That’s odd the windows update reboot notification was not wat we wanted. If we check the notifications area we see 2 notifications : one for sccm client and one for windows update.


The setting required to modify this behavior was the following :

· System -> Windows Components -> Windows Update -> Configure Automatic Updates :Disabled

· Re-prompt for restart : Disabled.


After modification of these policies the result was better ! Just one notification.


And if the user presses the Open restart button :


Or select the restart now option :


In the software center applet you can see detailed info about which update requires a reboot.


Now the behavior is different for software installations requiring a reboot. For example this IE11 installation returns a 3010.


The user will be notified about a required reboot on the device , the settings are be configured by the sccm client settings for “Computer Restart”


The user will recieve a popup :


If ignored the restart icon will stay in the notification area.


Now according to the settings there is a permanent message shown as soon as there is only 15′ left on the clock. The color of the progress bar will change and the hide button will become unavailable.



Gino D


March 16, 2016


WaaS or Windows-As-A-Service. It has quite a ring to it and you could think : what does it change for me ?

Well , actually quite a lot ! As explained in the following article https://technet.microsoft.com/en-us/library/mt598226%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396, Microsoft has evolved to a continous release cycle of new features of the client OS starting from Windows 10. What’s important about these new features is that Microsoft will provide servicing updates ( aka normal security updates ) for the last 2 features and they foresee 2-3 feature upgrades per year.


Windows 10 servicing options for updates and upgrades (Windows)https://technet.microsoft.com/en-us/library/mt598226%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396

Basically this means that your enterprise has several options :

  • -> “Ahead of the competition” : Use the Windows 10 Professional or Enterprise build. Install new features to your likings but don’t skip more then 1 feature upgrade in order to keep getting these required servicing updates for your client environment. You can use all the new added value that will be made available to the client platform.
  • -> “Business As Usual” : Use the Windows 10 Enterprise Long term Servicing Branch build ( no Software Assurance ) for deployment. The build recieves servicing updates for 10 years but lacks certain features ( ex. Edge and Store ) and recieves no feature upgrades.
  • -> “Hybrid Model” : A combined model , let’s say the best of both worlds. You use Windows 10 Enterprise Long Term Servicing Branch with SA. This means that you deploy a LTSB build but when microsoft releases a Windows feature as LTSB feature you can deploy this build to your environment. Microsoft expects to release a new LTSB build every 12 months.

Now , this means that, if you would like to use the full blown potential of the client environment some checks are required :

Have the processes in place for a rapid, continuous release cycle.

How to test ? Who will tests ? What to test ? Approval in place ? A defined flow for new releases ?

Have the required resources for this.

The people are available to perform these actions ?

Have the required toolsets for this.

The management or deployment toolset needs to follow the releases. Some automated test scenarios can be an added value. Some ITSM tools might help too.

Have the mindset for this.

Maybe the most important one, Step away from the traditional approach.

So buccle up, find out which format is right for and find a partner that can help out on some of the missing pieces.


Gino D

SCCM Distribution point down !

December 17, 2015

Ho ho ho,

Almost merry Christmas everyone ! Enjoy the holidays .

Until then, here’s some useful information about fallback locations in sccm 2012.

As you all know there are lots of different options for redirecting a client to a specific distribution point for downloading content. The most common setup involves “preferred” distribution points linked to a specific boundary group. By specifying the option “allow fallback source location” on the distribution point we can allow clients to use a fallback option when content is not available.


Now there is a great blog going through the option in detail : http://blogs.technet.com/b/neilp/archive/2013/01/03/on-demand-content-distribution-fallback-distribution-points-a-2012-configuration-manager-micro-depp-dive.aspx

Here’s the catch however. These scenario’s all work when the DP is online but the content is unavailable.

But , if the DP is offline the deployment will fail as the MP will continue to present these DP’s to the clients even while unavailable. The client will retry the unavailable DP for 8 hours until switching to the next.

You can find detailed info about the behavior here : http://blogs.technet.com/b/wemd_ua_-_sms_writing_team/archive/2008/11/25/clarifying-retry-behavior-for-distribution-points.aspx


So what can we do ?

Well we can remove the DP from our boundary group and then the MP will no longer present it to the client.


Nice ! But that’s a manual action. No, not really as we can use orchestrator to run a simple ping test on our DP and when it’s unavailable just run a powershell script to remove it from the boundary group and add some alerting ( in our case we create an alert in SCOM ).

Some good examples can be found here : http://cm12sdk.net/?p=513

Enjoy !

Gino D

ADR and wsus sync #RDProud

August 28, 2015



Today I had a strange issue with some ADR. As you see we have 4 ADR set ( WKS Pilot & Production and SRV Pilot & Production )


Now if we check our Software update packages we see that for August we only have one package for WKS Production. None for the rest. How come ?


Let’s verify the logging. The execution of the ADR is logged in ruleengine.log


No applicable updates found for the first ADR.


146 updates found in the latest ADR. How come ?

Solution is found in the WSUS sync log. We see that at 09:00 when the first ADR was run the catalog file was not yet synced, so it did not contain the new updates. At 11:06 however it was synced so my ADR from 11:55 found all the required updates.


Okay so we modify the Sync Schedule for WSUS each 8 hours starting at 20:00.



Gino D