Category: System Center

System Center Configuration Manager with Endpoint Protection

SCCM - How To Duplicate and Existing Query
SOLVED: How To Add Windows Build and Sub-build Numbers To System Center Configuration Manager Report

If you need to track which specific version of Windows 10 you desktops are running, SystemCenter would seem to be a great place to start looking.  However, the default reports in SCCM do not provide the level of detail most IT administrators require. This granular detail was not available in older versions of SCCM but it is now.   Fortunately, this adding in the Windows build information is now quite easy: Launch System Center Configuration Manager…

Read more...
WDS stuck at LOADING FILES Status 0xc0000001 Required Device Isn't Connected or Can't Be Accessed
SOLVED: Windows Deployment Services WDS hangs on “Windows is loading files” Status 0xc00000001 “Required Device Isn’t Connected”

If you are seeing your Windows Deployment Services WDS operating system installs stall on the WINDOWS IS LOADING FILES screen and then errors out with: Windows Failed To Start … Status 0xc0000001 Required Device Isn’t Connected or Can’t Be Accessed then have we got a fix for you! To get to the point, it appears that in March 2019 Windows Update Patch KB4489882 and/or KB4489881 tighted up security on the TFTP (Trivial FTP) that WDS…

Read more...
sccm-intune-hybrid-must-change-to-standalone-intune-2019
SOLVED: Intune vs GPO vs SCCM Which Rules Win & What The End of Hybrid SCCM-Intune Means for the Future

If you have a Group Policy Object or System Center Configuration Manager setting some parameter on your PC and you also have the setting configured in Microsoft Intune, Intune will win. Put simply, Intune overrides GPO and SCCM. It is also notable that Microsoft has dropped SCCM – Intune Hybrid support.  You must move your SSCM/Intune hybrid configuration to a Standalone Intune by September 2019. At the recent Microsoft Ignite Conference in Florida I asked…

Read more...
Microsoft-Store-for-Business
SOLVED: How To Disable the Public Microsoft Store but Allow Your Corporate Store

UPDATE OCT 18 2018 – You CAN now use a GPO to block the public Microsoft Store but keep your private corporate Store.  See our short explanation HERE. After working on setting up a private Microsoft Business Store (businessstore.microsoft.com) I was shocked to find that I could not disable the Public Microsoft Store through any of the settings.  I put a few hours into searching and reading but could not even find someone saying it…

Read more...
gpo-disable-store
SOLVED: GPO To Block Store On Windows 10 Pro

As you likely already know, because you have found this page, the GPO to disable the MICROSOFT STORE app was set to be ineffective on Windows 10 Pro after build 1511.  This annoying change meant that you could only block the store using a GPO if you were running Windows 10 ENTERPRISE or EDUCATION and that made admins cranky.  The solution was to block the store app through a SOFTWARE RESTRICTION GPO as we explained…

Read more...
SOLVED: Veeam Error – Changed Block Tracking Will Not Be Used For This VM Until You Upgrade the VM Hardware to Version 8.0 or Later on Server 2016

If you have recently upgraded your HyperV Servers or Cluster to Server 2016 and you are running Veeam, you may see the following error: Changed Block Tracking Will Not Be Used For This VM Until You Upgrade the VM Hardware to Version 8.0 or Later What this means is that Veeam will only perform FULL backups and not incrementals which is a bit of a crisis for most companies. Fortunately this is easy to fix,…

Read more...
SOLVED: What is VM Load Balancing in Server 2016 & How to Configure It Quickly

Windows Server 2016 introduces native Virtual Machine load balancing.  The idea being that Server 2016 Cluster Manager will now migrate VM’s to other Hosts in the cluster to level out the work load.  This is roughly the same as “Dynamic Optimization” in System Center Virtual Machine Manager but this is free. By default Microsoft does not want Server 2016 to move VM’s to different nodes unless one of the nodes is ‘hammered’.  In fact, the default configuration…

Read more...
SOLVED: How To Change PRODUCTS AND CLASSIFICATIONS for Windows Updates in SCCM 2016

If you have Windows Server Update Services (WSUS) you can easily change the PRODUCTS AND CLASSIFICATIONS by clicking OPTIONS > PRODUCTS AND CLASSIFICATIONS.  If you are using System Center to rollout Windows Updates, it is much more complex to change what products and categories SCCM is downloading from Microsoft and pushing to your PC’s. To Change the Windows Update PRODUCTS AND CLASSIFICATIONS in SCCM: Click ADMINISTRATION (bottom left) Click and expand SITE CONFIGURATION (top left)…

Read more...
SOLVED: How To Enable BLOCK AT FIRST SITE in Windows Defender SCEP Using SCCM or GPO in Windows 10 1607

If you have deployed Windows 10 Anniversary 1607 and are using Windows Defender you should be very interested in the new BLOCK ON FIRST SIGHT feature.  When a user runs a program that Defender has never seen before, BLOCK ON FIRST SIGHT, sends a metadata about the file to a Microsoft cloud service.  That service uses heuristics and machine learning to figure out of the program is malicious.  If it cannot make that determination, a copy of the…

Read more...
SOLVED: How to Set Timing of ‘Machine Policy Retrieval & Evaluation Cycle’

If you have ever worked with System Center Configuration Manager to manage PC’s, you will know that changes do not take place quickly, and that can be frustrating.  To have your PC’s take instruction from SCCM immediately, you need to manually kick off the ‘cycle’: Install the SCCM agent Go to the PC in question and bring up CONFIG MANAGER PROPERTIES > ACTIONS Manually start the ‘Machine Policy Retrieval & Evaluation Cycle’ But this leads…

Read more...
SOLVED: How to Deploy Software Using System Center Configuration Manager

Below is a the quick version of how to push software packages based on MSI’s, including any Transforms (.MST’s) using System Center Configuration Manager Before we get started I you should understand that the difference between an APPLICATION and a PACKAGE in SCCM is Packages are 2007 logic that you should stop using.  If you want to dig into this further, see our page on Applications vs Packages. To deploy software using SCCM High Level: In…

Read more...
SOLVED: What is the difference between an APPLICATION and a PACKAGE in SCCM?

In System Center 2007 and older deploying software was handled through PACKAGES and as such a category named PACKAGES in SCCM > SOFTWARE LIBRARY > OVERVIEW still exists for backwards compatibility.  System Center now uses APPLICATIONS to deploy software and that is what you should move to (or start with, if you are new to SCCM). The APPLICATIONS logic allows more options, like Supercedence, Requirements and Global Conditions.  Contrary to some reports, APPLICATIONS support both…

Read more...
SOLVED: How to Manually Disable System Center Endpoint Protection

From time to time, to accommodate an install or perform troubleshooting, we all need to temporarily shut down the Antivirus we are running. Disabling System Center Endpoint Protection however is not a nice affair.  You can either allow ALL users to turn it off or NO users to turn it off.  This means that in any real company in which standard users are locked down, Administrators can not easily shut it down.  I confirmed this with…

Read more...
Solved: How To Perform An Offline Install of System Center Endpoint Protection

In anything but the simplest networks, there will always be a few machines that need Antivirus but do not connect to the domain.  These could be lab machines, dedicated PC’s that run manufacturing equipment, field machines, loaners… So the question of how to install System Center Endpoint Protection on these disconnected machines is a valid one. Determine the Location of Your Endpoint Install File In System Center Configuration Manager, expand SOFTWARE LIBRARY > APPLICATION MANAGEMENT,…

Read more...