sccm program assignment schedule

Deploying Applications Using SCCM

In this post we will see the steps for deploying applications using SCCM. An application in Configuration Manager contains the files and information required to deploy a software package to a device and the information about the software that all deployment types share.

Applications are similar to packages in Configuration Manager, but contain more information to support smart deployment. When you make changes to an application, a new revision of the application is created. Previous versions of the application are stored, and you can retrieve them at a later time.

Application Deployment Properties

When we deploy applications, we will come across few of the elements of applications :

1) Application Information – This provides general information about the application such as the name, description, version, owner and administrative categories. Configuration Manager can read this information from the application installation files if it is present.

2) Application Catalog – Provides information about how the application is displayed to users who are browsing the Application Catalog.

3) Deployment Types – A deployment type is contained within an application and contains the information that is required to install software. A deployment type also contains rules that specify if and how the software is deployed. A single application can have multiple deployment types that use the same technology.

a) Windows Installer – Creates a deployment type from a Windows Installer file. Configuration Manager can retrieve information from the Windows Installer file and related files in the same folder to automatically populate some fields of the Create Deployment Type Wizard.

b) Microsoft Application Virtualization – Detects application information and deployment types from a Microsoft Application Virtualization 4 manifest (.xml) file.

c) Windows Mobile Cabinet – Creates a deployment type from a Windows Mobile Cabinet (CAB) file.

d) Nokia SIS file – Creates a deployment type from a Nokia Symbian Installation Source (SIS) file.

When you deploy applications using SCCM, you come across 2 things – Deployment Action and Deployment Purpose. Both of these are really important.

Deployment Action – Deployment Action includes “ Install ” or “ Uninstall “. We can install an app or uninstall an app by providing relevant information in deployment action.
Deployment Purpose – This is really important, you have an option to specify Deployment purpose as “ Available ” or “ Required “. If the application is deployed to a user, the user sees the published application in the Application Catalog and can request it on-demand. If the application is deployed to a device, the user sees it in Software Center and can install it on demand.

Now lets go ahead and deploy an application to a device in configuration Manager. The first step would be creating an application. We will first download an application named 7-zip x64 for here : Download 7-zip . We will place the setup file in folder called softwares and share the folder.

The steps to create and deploy Applications using SCCM include.

Launch the SCCM console.
Select Software Library , Under Application Management select Applications .
Right click Applications and select Create Application .

Select Automatically detect information .. and choose the type as Windows Installer (Native) , Specify the location of 7zip.msi file.

We get to know that SCCM couldn’t get the details about the publisher of 7zip setup file. We will import the file by clicking Yes .

Click Next.

On the next screen, lets specify some details about the software and for Install behavior select Install for a system if resource is device, otherwise install for user . Click Next.

Click Next .

The Application has been created successfully , click Close.

The Applications that are created can be seen by clicking Applications under Application Management . Since we have not deployed this application to any device or collection we see “ 0 ” under deployments. Once we deploy this application the count should increment.

Right click the application and click Deploy.

Click Browse and specify the collection as All Systems . Click Next.

To add the Distribution Points, click in Add and choose your distribution point.

Choose Action as “ Install ” and Purpose as “ Required “.

The application will be available once you distribute the content to content servers. If you want to schedule the availability of application, then select “ schedule the application to be available at “. We will not schedule the application availability and distribute the content immediately to the Content servers. Select the Installation deadline “ as soon as possible “. Click Next.

For the User Notifications , select Hide in Software Center and all notifications . Click next.

Do not select anything here, click next twice.

We see that the deploy Software Wizard has completed successfully. Click Close.

Now under Deployments we see the value is “ 1 ” which was previously “ 0 “. Since we have deployed the application to a collection, the value is changed.

Lets check whether the application has been deployed in the one of the computers. We will check in the machine named “ CLIENT.PRAJWAL.LOCAL ”. Wow, the application can be seen in the start menu

Lets Check from the SCCM console to find more information about the deployment of application. On the Left hand side of console Select Monitoring , select Deployments . We get a lot of information about the application that we deployed. Total Asset Count = 2 which means the application was installed on 2 devices.

Double click the application, we get to see the Asset Details here. We see that the application 7zip was installed on 2 devices, SCCM and CLIENT . If the deployment is unsuccessful you can get to know what went wrong by clicking Error tab.

Sign Up For Newsletter

Join our newsletter to stay updated and receive all the top articles published on the site get the latest articles delivered straight to your inbox..

Hi Prajwal. If I want to create a duplicate of an existing application to do some test of new software that uses the same application where I will need to add dependencies on software not required by the original application, can I do this by making a copy (and renaming it obviously)of the original source MSI and using the copy to build the application. As I said I am going to apply dependencies and I have noticed doing this the Deployment Type has exactly the same MSI name, so will the dependencies affect the live (original) application or will SCCM see them as completely separate applications? Example: Live ODS Task Sequence has App A and App B. Test deployment will have App A and App C I need the apps in Live to continue working when deployed while I test App C which includes adding dependencies to App A (or a copy of it). Thank you

Hello, I started working on sccm 15 days back. your resource was totally useful. I have a problem; I need to deploy .msi application and run a command as admin on client machine to apply configuration settings. Application installation is going smooth. I have config file on network shared path accross network and it configs .exe file which will be present after installing .msi application on client. I tried creating different application, package to run the script. I also tried running it directly with scripts. But none of them are working. Can you please help me out with that. Thanks

Hi Prajwal,

How do I deploy an application during a task sequence to a targeted machine based on their default gateway?

Can we deploy an application in a client from one network to another network? Like WFH scenario.

Yes, as long as the client is connected to the network and can talk to SCCM servers, you can deploy the applications.

This is an amazing content. Thanks very much.

How does my SCCM Client knows that it has been targeted with a Application, Package and Software Update? And how it process to execution?

I have a software that needs to deploy on a different path than C drive on client machine, Is there any way that I can SCCM to deploy that particular software to a path different than C drive (Default) drive.

Please note that the software has been packaged and already in SCCM ready to deploy. but as I mentioned it only deploys it straight to C drive on client machine.

Please advise,

Did you find out how to install the applications to a drive other than the default?

Many thanks

SCCM doesn’t really do this natively. It may be possible to redirect the path using commandline switches but not all installers support this. Alternatively, you may need to repackage the software with some kind of monitoring feature to capture changes made during installation. Repackaging should be a last-ditch method; it’s much better to redirect using switches, if possible.

Do we similar article for deploying packages to users?

Packages are gone now. Old technology.

Hi Prajwal, How to you redeploy an application? I have a PowerShell script that checks the registry for the monitor details. Then it creates a new WMI class so that SCCM can read it. I’ve created an application, and I pointed it to the script. I deployed the application to a specific collection but the script doesn’t run (even if I’ve invoked “Set-ExecutionPolicy Bypass” in the script). I assume the script doesn’t run because the script is invoked from a network share (even if all users have proper read and modify permissions to that network share). When I run the script manually from the PC, the script works perfect. The SCCM deployment works because the script is copied into the PCs (from that collection) into C:WindowsCCMCacheXXXXXX folder

I’ve modified the script to run it from the local PC instead of the network share BUT I can’t redeploy the Application to the same collection…… 🙁 SCCM tells me that the application has already been deployed to the same collection. How can I still redeploy the Application to the same collection ?

Thanks Radu

Hello Prajwal,

I have deployed a couple of exe application, but having issues with the status of applications while trying to install it on the client machine, it shows failed though application gets successfully installed.

could please suggest..

You must check the detection method. You must also examine the success and error codes. The issues are more common when you deploy custom apps.

Hello Prajwal, Good Morning, How to upgrade GoToAssist older version to new version. Could you please help on it. Or First how to remove old version application and upgrade new application using sccm.

Requesting please create a tutorial for deploying exe application not “MSI”. for example need to deploy BIOS which is model_version.exe. need to deploy this please advise.

I am big fan of your articles. I need your help in the following:

I want to deploy application immediately to 20 machines in the lab. What is the best method? At the moment, I have to run the action from client machine (Configuration Manager) to get the application immediately. Is there any way from the server to push it immediately?

Ensure you have distributed the app to distribution points. Deploy the app to the collection and run the action cycles from client machines to speed up the deployment.

Is there a way to run the “Action” from Client Configuration Manager without going to client? Like can it be initiated from SCCM?

You may use right click tools using which you can run the action cycles for a client via SCCM console.

I am trying to delete or remove from SCCM, but unable, the button is off, and says in windows App Revision History “Revisions cannot be deleted unless there are no other objects referring to that version.

can you help me please.

write a powershell script like the below

$command1 = “Applicationname.exe” $Arguments = ” /s /q /norestart ConfigureFirewall=1″ Start-Process $Command1 $Arguments -Wait -PassThru

Can you please explain, how can I deploy .msi application and I need to do some registry setting for this app on client pc?

Thanks, Moe

Please provide the information about how to install package (.exe) from sccm 2012. Content is downloading successfully from distribution points but not installing on machines.

Create a collection and put your single device there.

I have an application I have created and pushed out to a few hundred users. An unexpected error occurred that did not happen during testing, so we needed to make a change to some of the installation files. I edited a batch file that calls a few MSI installations, after it calls an executable that uninstalls the program that was previously pushed out. How do I now force devices that are compliant with the original deployment, so that the members of that collection reinstall the new application that include the adjustments I have made?

Hello it’s possible to deploy application with a scheduling like package ” Occurs every 1 days ” and the option “Always rerun program” ? Thanks you

An application can be deployed only to a collection.

How do we deploy an application to a single device instead of the entire collection of devices?

Thanks for sharing the info Prajwal.

Can you please provide step by step troubleshooting process of Application Deployment.

I’d like to know your opinion on the new deployment tools that have renetly appeared on the market. Products like Total Software Deployment and Lansweeper look quite promising as a new alternative to SCCM. They may still lack some “must have” features, but they provide some versatility for sure.

I agree with you. There are lot of tools out there which provide similar functionalities as SCCM does. It all depends on which tool do you choose and for what purpose. I would say if SCCM makes your job easy got with it else you could try other alternatives.

Hey Prajwal, I want our applications to automatically install. Right now they just sit there doing nothing until a user clicks install. What settings do we need to set so the application will just install automatically without the user having to do anything? Thank you for your help!

Choose the application deployment type as Required instead of Available.

HI, why does it always download it first, I want to run the program from the DP,

Hi Prajwal, I followed your steps but in the ” Purpose ” I have Chosen “Available” . i want to a user to request and install from “Software Center “. I have three Questions below . 1) Which log file is associated with deployment issues. if a user requested and somehow failed to install.? 2)How can i see the deployment Que and stop it and make a new deployment run for the same App”. either ” Edit ” the running task . 3) Please share link ” How to make a “Custom Collection of devices” or by IP range i can categorize them.

Best Regards !

Why do you want the users to be notified. In most of the organizations the user are unaware of the deployments that happen. When you deploy the software to a collection, the users can see a notification in the system tray. System center does it for you. Regarding bringing up the pop up for users, this is something that i am really not sure of.

Hi Prajwal, Need one help we are deploying Office 365 in our org using sccm application method, we need to notify users before installation office and after successful installation as well. we have some script which can give a popup message to notify users, challenge is that how to run pop script after successful installation of sccm application. we have already enabled all Software Center notifications but these stay for few seconds only , please help if you can. Also let us know can we use Orchestrator to send automatic email if installation is success.

hi Prajwal,

I have pushed one EXE on the systems but it is stuck on 0% downloading. Checked permissions in IIS as well, the account to deploy the app is also OK. What I am missing here.

There could be lot of things that you need to check. Check if you have configured the boundary and boundary group. Also what does execmgr.log file says ?.

Hello Mr. Desai and Nakul: Was this resolved? I’m struggling with the same issue, but I’m deploying a BAT file; instead of, an EXE. I did not set up our SCCM 2012 and not too familiar with boundaries. From what I read, it looks like boundary group is setup correctly. If the boundary is incorrectly setup, it should affect all deployments, right? We are able to deploy MSI’s just fine. There is a discrepancy that I found with a boundary and boundary groups, but I don’t think it’s critical. A boundary was named, “Sacramento”, and a boundary group is misspelled, “Sacramanto”.

I am using SCCM 2012 R2 with all latest updates.

Now I am facing issue with application deployment. The application keep deploying even after successful application deployment on client system.

Am I missing anything? I am following the same way as you describe in your post.

Thanks, Ganesh Prajapati

How did you check the software is getting re-deployed ?

We are using Lansweeper where we can get details for last 7 days and 24 hours software changes.

And I can also see notification on client system when it start deployment.

Please see the attached screenshot.

Thanks, Ganesh P

We are using Lansweeper where we can check software changes for last 7 days and last 24 hours. Please see the attached screen shot. And I have also notice the same by enabling the notification for deployment.

I can see deployment notification on client system.

Thanks Ganesh P

hi, msi is in E drive. there will b a C drive too. how in the unc path, there is no mention of drive letter, how sccm identifies its in which drive ? if my msi is in c drive then also the path given above wil work ?

In the UNC path you always provide the path along with the folder where the software is stored.

directly after server name, u mentioned folder path without mentioning the drive. thts my doubt. i m gettin error tht there is no such file/path. i tried all types of unc. my msi is directly under C:

@Manish – Share the folder with least permissions so that it shows up in the UNC path. SCCM has to know where have you placed the .msi or .exe file.

Good work…

when i trying to add distribution point i cant find that so please help me.

Check distmgr.log Ccmsetup.log Cas.log Ccm log

Thanks for the link, this might help me…I’ll update soon on this..I know being selfish is not good thing…but can you just make me understand If I want to install notepad++ on some windows machine what exact command I need to shoot on target machine…!!!

At first glance I couldn’t figure out the command out of the link.

I work on IBM tools, and I have given to integrate IBM SCCD with SCCM, what I just want to know is:

1. How do we use soap connectivity of SCCM 2. Is there any way to deploy software on client machine using command line let say I want install notepad on one of the target machine, and I have following details with me

a. Asset (target machine) b. Owner of the asset (target machine) c. Software to be deployed

Hence, can I use above info and instruct SCCM to install the software.. Your suggestions would be really helpful.

Hi Ravikant, I am not sure about soap connectivity of SCCM. Yes you can deploy softwares using command line or scripts in SCCM.

This is the only post where i got actual step by step method to deploy applications using sccm… Can you also show us how to deploy other apps ?

Yes I am working on it.

Need your advice and help.

Requirement – I have to create an application of the below PowerShell script and run this script in admin mode in SCCM 2012 as a dependency with my UE-V Agent application (this msi package has been tested successfully).

Now how do I create an application of the below program and run this program in PowerShell admin mode in SCCM 2012. Should I do it with a small task sequence or should I use simple dependency feature.

Program to force Offline Files to be enabled –

$exists = Test-Path HKLM:\SYSTEM\CurrentControlSet\Services\CSC

if ($exists) {

$startvalue = get-itemproperty HKLM:\SYSTEM\CurrentControlSet\Services\CSC | foreach {$_.Start} if ($startvalue -eq 4) { set-itemproperty HKLM:\SYSTEM\CurrentControlSet\Services\CSC -Name Start -Value 1 set-itemproperty HKLM:\SYSTEM\CurrentControlSet\Services\CscService -Name Start -Value 2 } }

$exists = Test-Path HKLM:\SYSTEM\CurrentControlSet\Services\CscService

if ($exists) { $startvalue = get-itemproperty HKLM:\SYSTEM\CurrentControlSet\Services\CSCService | foreach {$_.Start}

if ($startvalue -eq 4) { set-itemproperty HKLM:\SYSTEM\CurrentControlSet\Services\CSCService -Name Start -Value 2 set-itemproperty HKLM:\SYSTEM\CurrentControlSet\Services\Csc -Name Start -Value 1 } }

I was curious. How long does it take for the software deployment to start after you choose “as soon as possible”? Is there a way to force the deployment to start right away?

It would take 4-8 minutes for the deployment to begin. What software are you deploying ?

Have you encountered this before. I need your opinion. I have installed the SCCM Configuration Client on my target computer. But the client certificate is None (should be PKI). The CCM Notification Agent is Disabled (should be enabled). Actions should be more (Discovery Data Collection cycle, Software inventory cycle and others missing). What do you think is the issue.

Trouble-shooting steps tried – 1) I have re-installed the agent (ccmsetup.exe /usepkicert SMSSITECODE=), 2) Host file is correct 3) Checked the logs on failed client – ccmsetup.log, ClientIDManagerStartup.log. 4) Requested for a new certificate from AD. 5) Modified the installation command as ccmsetup.exe /NoCRLCheck /UsePKICert /mp:sccm2012sp2.OCEANIA.local /logon SMSSITECODE=

Thanks and Regards, Suparno

I would want to see the ccmsetup.log.

Yes you were correct. It was a certificate issue. The certificate showed as valid till 2023 however in thumb print it was showing a different date. Deleted the certificate and got a new one. Issue is resolved.

Wanted to share my finding on something else regarding UE-V client installation process. My requirement was to ensure that user has to restart system only once and not twice. This would have helped in customer experience but it seems it is not possible.

1) Action – Enabled Offline files GPO on server (Computer configuration – Administrative templates – Network – Offline Files and select “Allow or Disallow use of the Offline Files feature” and click Enable) 2) Result – Offline files on client is enabled but not active. (I did not restart computer) 3) Action – Tried to install Agentsetup.exe on client. 4) Result – Installation fails saying Offline files is not enabled.

As an alternative tried –

1) Action – Enabled Offline files on client by sc config CscService start=auto. 2) Result – Offline files on client is enabled but not active. (I did not restart computer) 3) Action – Tried to install Agentsetup.exe on client. 4) Result – Installation fails saying Offline files is not enabled.

In point 2, if system is restarted, installation succeeds.

You are correct. I was thinking how to resolve the issue and this is what I did.

1) Enabled Offline Files by GPO. (Computer configuration – Administrative templates – Network – Offline Files and select “Allow or Disallow use of the Offline Files feature” and click Enable. Machine restart is needed).

2) SCCM 2012 silently installs the UE-V agent to user computer. (Machine restart is needed).

We need to test what happens if a machine restart does not happen between 1 and 2, but does happen after 2. If that succeeds that will be good. What do you think.

Suparno – If you were okay with using GPO to enable service, I would have suggested this at the first time. You wanted to enable the service through task sequence..Anyway, you can use GPO to start any windows service. Did you try using /norestart switch ?

Little confused. You mean using /norestart switch for GPO ? (Computer configuration -Administrative templates – Network – Offline Files and select “Allow or Disallow use of the Offline Files feature” and click Enable)

I think I understood. Yes I used /norestart while installing the agent application through SCCM 2012. It will be good if the machine restart happens only AFTER enabling Offline Files and installation of agent. Do you think it is possible.

These are the details of the msi used while creating the agent application. msiexec /i “AgentSetupx64.msi” /quiet /norestart /l*v “C:\UEVagentLog.txt” SyncMethod=OfflineFiles SyncEnabled=True SettingsTemplateCatalogPath=”\\namespace\SettingsCatalog”

msiexec /i “AgentSetupx86.msi” /quiet /norestart /l*v “C:\UEVagentLog.txt” SyncMethod=OfflineFiles SyncEnabled=True SettingsTemplateCatalogPath=”\\namespace\SettingsCatalog”

/norestart switch to be used while you deploy UEV agent…

(I dont have your email address otherwise I would have written to you one on one). As you have a full-fledged lab, can you just check this step –

We need to test what happens if a machine restart does not happen between 1 and 2, but does happen after 2. Is it successfully installing the agent.

2) SCCM 2012 silently installs the UE-V agent to user computer.

The system account has full rights to the machine. (So ideally we don’t need a different account) What do you think.

It doesn’t work Suparno.. You can give a try…

I do not know so it is best to ask the master. You may think me as complete muppet. I am very new to SCCM 2012 (4 days old).

This is what I have completed till now –

1) Created the UE-V Agent application in Configuration Manager 2) Distributed the UE-V Agent Application 3) Deployed the UE-V Agent Configuration Manager application

Confused – Now how do I use the command line sc config CscService start=auto OR Get-WmiObject -Query “Select * From Win32_Service Where Name=’CSCService'”|ForEach-Object{$_.ChangeStartMode(“Automatic”) $_.StartService()} to enable the Offline Files as a pre-requisite to installing the application. What is the step by step method for this.

Hi Prajwal, I progressed a little after writing to you. Now I have a doubt. How do I link a package to an application in Configuration Manager 2012. To explain in details –

1) I have created one package that contains and runs the Offline files enabling command (sc config CscService start=auto). (We can also use like Get-WmiObject -Query “Select * From Win32_Service Where Name=’CSCService'”|ForEach-Object{$_.ChangeStartMode(“Automatic”) $_.StartService()})

2) Created one application for UE-V Agent installation. (msiexec /i “AgentSetupx64.msi” /quiet /norestart /l*v “C:\UEVagentLog.txt” SyncMethod=OfflineFiles SyncEnabled=True SettingsTemplateCatalogPath=”\\server \SettingsCatalog” and msiexec /i “AgentSetupx86.msi” /quiet /norestart /l*v “C:\UEVagentLog.txt” SyncMethod=OfflineFiles SyncEnabled=True SettingsTemplateCatalogPath=”\\server\SettingsCatalog”)

Confusion – How do I link the Offline files package to the agent installation application as a dependency.

In fact I went to dependencies – clicked on add dependency – it says specify the required application. Now problem is I want to add a package as dependency to the application. Any way to use a work-around. What do you think.

Hi Prajiwal,

This may help someone like me. I think there is no way to link package with application. So here is what i did – 1) Created the script with the application model.. 2) Linked it to the agent application as dependency. 3) Deployed the agent application to client computers.

Suparno – Lets try this. Use this command to deploy the UE-V agent “AgentSetup.exe /quiet /norestart /l*v SyncMethod=None”. For this step do not enable offline files, in other words we are deploying ue-v agent with sync feature disabled. Tell me if this works.. The issue here is the CSC service needs to be enabled first on windows 8 and that has to be done from elevated command prompt. When you run a task sequence it runs with local system account, let me find a way to run the command prompt as local administrator.

Thank you for your response. My findings are if the Offline Files are disabled (as it is in Windows 8 by default, unlike Windows 7), we will not be able to install the UE-V agent. It will give an error Offline Files needs to be enabled.

So we have to figure out a way to install the Offline Files first (this command works – sc config CscService start=auto) and then install the UE-V agent through SCCM.

Important point that I found in lab – Even if we use “AgentSetup.exe /quiet /norestart /l*v SyncMethod=None” as agent installation command, we need Offline Files to be enabled before installation. (Sync Method = None will ensure that sync does not happen between Offline Cache and server)

I wanted to share few findings with you. What do you think. Am I on the correct track.

1) Found that we can create a script package with the App model for delivery in SCCM 2012. 2) Found that we can link an application with another application as a dependency. (We cannot link a package to an application as a dependency or vice versa.)

Now as you said the requirement here is the CSC service (Offline files) needs to be enabled first on windows 8 and that has to be done from elevated command prompt. This is what I have done.

1) Created the script with the application model..(sc config CscService start=auto) (We can also use like Get-WmiObject -Query “Select * From Win32_Service Where Name=’CSCService'”|ForEach-Object{$_.ChangeStartMode(“Automatic”) $_.StartService()}) 2) Linked it to the UE-V agent installation application as dependency. 3) Deployed the application to client computers.

As you correctly mentioned my doubt is also SCCM probably runs the application model script as local system account, we have to find a way to run the command prompt as local administrator. What do you think.

I am finding out on running this command with administrator account.. I will try to simulate the same in my lab..

That would be fantastic. Is there any of your sites where I can follow this step for adding it as an item in the uev agent package installation (enabling offline files and then install the agent)

No suparno, i have not created any post on that. If i get time i will surely create a post on deploying UE-V agent..

Thank you for your response. Please do create your post on deploying UE-V agent… You are the end-word on SCCM and you are highly appreciated by all my colleagues and co-workers.

Thank you Suparno..

Thank you for your response. Let me explain the details. I am deploying the recent released UE-V 1.0.5 Agent to client computers. I saw that the Offline Files Service (CscService) needs to be running before the installation will run. It seems that the Offline Files Service on Windows 8, by default, is set to Automatic (Trigger Start), which means that it’s not running during the deployment. So I am using the sc.exe tool to enable Offline Files from a command line. To enable the Offline Files feature using the sc.exe command, I need to run the following from an elevated command prompt: sc config CscService start=auto. Problem is how can I configure the UE-V Agent and enable the Offline Files feature using Configuration Manager 2012.

These is the installation program I am using – msiexec /i “AgentSetupx64.msi” /quiet /norestart SyncMethod=OfflineFiles SyncEnabled=True SettingsStoragePath=”\\server\SettingsStore\^%username^%” SettingsTemplateCatalogPath=”\\server\SettingsCatalog”

msiexec /i “AgentSetupx86.msi” /quiet /norestart SyncMethod=OfflineFiles SyncEnabled=True SettingsStoragePath=”\\server\SettingsStore\^%username^%” SettingsTemplateCatalogPath=”\\server\SettingsCatalog”

Tell me something. Can I resolve like this. What do you think. If I go through the Software Library > Overview > Operating Systems > Task Sequences > Command Line and fill in as Powershell.exe Start-Service CscService and then Add > General > Install Application. I am confused if this is the correct way of resolving this. I do not want to add this in operating system deployment sequence..just want to sequence my Powershell.exe Start-Service CscService and then deploy my UE-V agent application. Is this the correct way.

I think through powershell we can deploy it with ease rather that the old method that you specified.

I also think a task sequence is far too heavy. Do you think I can just add it as an item in the uev agent package installation to keep it simple. What do you think.

That would be the best and easiest way..

@ Suparno- I will create a post on deploying UE-V agent to client computers soon..

How do I run a Service Controller (sc.exe) command from an elevated command prompt on my clients BEFORE I deploy an application through Configuration Manager 2012. Any help is highly appreciated.

@Suparno – May i know what exactly are you trying to achieve ?

Hi Prajwal, these are the details. I am deploying the recent released UE-V 1.0.5 Agent to client computers. I saw that the Offline Files Service (CscService) needs to be running before the installation will run. It seems that the Offline Files Service on Windows 8, by default, is set to Automatic (Trigger Start), which means that it’s not running during the deployment. So I am using the sc.exe tool to enable Offline Files from a command line. To enable the Offline Files feature using the sc.exe command, I need to run the following from an elevated command prompt: sc config CscService start=auto. How can I configure the UE-V Agent and enable the Offline Files feature using Configuration Manager 2012.

I think I should attempt a transform of the app’s MSI. My installation program command currently looks like this – msiexec /i “AgentSetupx64.msi” /quiet /norestart SyncMethod=None SyncEnabled=True. How do I run an elevated command line prompt in this. Or any other way that you advice through Configuration Manager 2012.

try this Suparno – AgentSetup.exe /quiet /norestart /l*v “C:\UEVagentLog.txt” SettingsTemplateCatalogPath=”\\server\share\UE-V\Templates” SettingsStoragePath=\\server\share\%UserName%

PatchMyPC Sponsored AD

Recast Sponsored AD

SCCM 2012 R2 Step by Step Guide

How To Deploy Software Updates Using SCCM ConfigMgr

How to Install WSUS for SCCM | SUP Role | ConfigMgr

Fix Skype for Business (Lync) Recording Shows Pending Status

Fix Skype for Business Recording Shows Pending Status

8 Ways to Fix Windows 11 Upgrade Error 0x800F0830-0x20003

How to Enable or Disable Copilot Vision in Microsoft Edge

Manage Windows 11 Readiness dashboard using SCCM

Top 10 ConfigMgr 2403 New Features

Subscribe Newsletter

Subscribe to our newsletter to get our newest articles instantly!

Stack Exchange Network

Stack Exchange network consists of 183 Q&A communities including Stack Overflow , the largest, most trusted online community for developers to learn, share their knowledge, and build their careers.

Q&A for work

Connect and share knowledge within a single location that is structured and easy to search.

SCCM Updating Package source and Rerun Behaviour

I have a package which contains a login script which I update from time to time.

I do some changes in the script then I do a "Update Distribution Points", which increments the "Source version" of the package.

In the adverisement I have set the schedule as a Mandantory assignment and "As soon as Possible". The "Program rerun behavior" is set to "Rerun if failed previous attempt".

I only want the Package program to rerun when the source version has changed.

The problem is that the program will not rerun beacause it has previously ran the package with sucess even though the source version has changed.

But then if I set rerun behaivor to "Always rerun", will it rerun everytime the client checks for updates OR only when the source version has changed?

We use SCCM 2007 SP2 R2.

2 Answers 2

Neither, you want to set it to Always rerun Program - but doing so will not do anything until you add another mandatory assignment. Each time you make a change to the script and you want it to run again, you'll want\need to add another mandatory assignment. Depending how often you modify the script, perhaps running the script on a schedule in SCCM and putting a conditional into the script itself might work better for you (aka be less work). i.e. check for a flag file or something - depending on what this script is doing for you.

Don't use Mandatory assignment and you will have the option to re-run the advertisement when you right click on the advertisement in question, simple.

You must log in to answer this question.

Not the answer you're looking for browse other questions tagged sccm ..

The Overflow Blog
Reshaping the future of API platforms
Between hyper-focus and burnout: Developing with ADHD
Featured on Meta
Our Partnership with OpenAI
Imgur image URL migration: Coming soon to a Stack Exchange site near you!

Hot Network Questions

A short fiction about an American poetess who supposedly foiled, thanks to posthumous poems, the Martian invasion described by H. G. Wells
If the Earth stopped spinning, what's the ideal point for it to stop to ensure the most people survive?
What Does the 'Cosɸ' Rating on a DC Relay Indicate?
Efficient C Tokenizer/Lexer in C++
May the Fourth Be With You - a Star Wars Day Bounty Hunt
How can I work with a senior researcher who is less knowledgeable than myself?
Got roped into (what I’m pretty sure is) a scam conference. What now?
Can an employee be made to pay back training costs when resigning from the company?
Is it bad to branch off data traces into two separate connectors?
How (or is there) a way to make my rice more fluffy than sticky? Given my current approach
Why use the word "event" in singular form in the following context?
Is consciousness causally superfluous?
Why is it possible to avoid having a passport stamped when traveling from Monaco to Switzerland?
I keep blowing up irrigation solenoids
What can you use in your soil to kill bugs before planting vegetables?
Would you correct grading mistakes downwards if there is a mistake in grading?
Compute R Squared by Fixing Betas for Multi Linear Regression without Intercept results in a large R Square
Computer not booting after installing Ubuntu next to Windows
Stress pattern in "Little Red Riding Hood"
Miniature with man falling into a chasm and a camel—what is the myth being depicted here?
Are there any fallacies in Stephen C. Meyer's argument for classical theism from the Big Bang singularity?
Can individual rings of Saturn be considered satellites?
Is my DM taking too long to level us up?
Generating a Visible Barcode to a Darkened Back Cover

ConfigMgr Program Rerun Behavior

So what exactly do each of these options do in an advertisement? The TechNet documentation is actually pretty sketchy and thus this post (inspired by MVP extraordinaire, Torsten Meringer). Note that everything below is specific to mandatory advertisements; i.e., those with a schedule. If the advertisement is not mandatory or is executed manually, the Program Rerun Behavior setting has no impact.

The Program Rerun Behavior Option

Never rerun advertised program

The first option is fairly straight-forward. Essentially, a program will never be rerun on a specific client under any circumstances including adding a new schedule to the same advertisement.

Scenario 1, Additional Schedules

Any additional schedules added to the advert will essentially be ignored as shown in the following excerpt from execmgr.log on the client:

Additional Schedules: No Need to Re-run

Scenario 2, Additional Advertisements

So, what happens if we create another advertisement for the same program? As expected, the program does not rerun:

Additional Advertisement: No Need to Re-run

Scenario 3, Remove From and Re-add to Collection

And how about if we remove the client from the collection, update the policy, and then re-add the client to the collection where the advert is applied?

Remove from and Re-add to Collection: No Need to Re-run

The above log file snippet shows the old advert getting deleted because the system was removed from the collection followed by a new instance of the advert being created because the system was added back to the collection.

This shows that the client does take into account previous executions of the program even though it is a new and separate advertisement instance. Minor variations are also possible but each is similar enough to one of the above that you should be able to deduce the results.

Always rerun program

This option is essentially the opposite of the last one and is useful for recurring adverts that you always want to run. It’s pretty clear what will happen if you add multiple schedules to a single advert with this option selected or if you create multiple adverts for a single program: they will all execute on time regardless of the outcome of any previous executions. That covers scenario 1 and 2 from above, the only question is what happens for scenario 3: removing the client from a collection and then re-adding it. So what should happen? It’s the same advertisement with the same schedule so should the client rerun it or not? If we use the results from above, specifically that the client maintained the status of the last program execution, it is logical to conclude that the program will not rerun because it already ran for the schedule in the advert. Let’s find out.

Remove from and Re-add to Collection: Always Re-run

Notice it starts with the policy being deleted for the advertisement and then added back after the system is added back to the collection. But then notice at the bottom that the program is (re-)scheduled to run even though it already ran once from the same advertisement.

The conclusion to draw here is that the client does not actually maintain any knowledge that the advertisement previously existed or even executed so it schedules another execution of the program. This does in fact line up with our conclusion in scenario 3 above: the client does maintain a status of previous program executions but in this case, the setting Always rerun program tells the client to not care about previous execution status.

Rerun if failed previous attempt/Rerun if succeeded on previous attempt

These two are also essentially opposites and behave as expected according to our two conclusions from above:

Clients have no memory of advertisements or their schedules once the advertisement is no longer applicable to that client
Clients do maintain past program execution status even if the advertisement that caused them to run is no longer part of the client’s policy

This second conclusion is important for these last two settings and is what differentiates them. In all scenarios, if a new execution time is dictated — by a new schedule, new advertisement with a new schedule, or an advertisement removed and then re-added to a client — the status of the previous execution attempt is evaluated first and according to which setting is chosen — succeed or fail) the client either runs or does not run the program again. If the program never executed before then no comparison is needed and the program simply executes according to its schedule. The below snippet shows an advertisement set to Rerun if failed previous where the program ran successfully according to another schedule and thus did not rerun. The same behavior occurs if the situation is reversed: the advertisement is set to Rerun if succeeded and the previous attempt failed. Of course, if the previous execution status does match, then the program will run again.

Remove from and Re-add to Collection: Re-run if succeeded

The only real question to address with these options is what constitutes a failure or success? These statuses are explicitly determined by the return codes return from the executing the program. So what return codes mean success and which mean failure? That’s defined in the site control file:

PROPERTY <Success Return Codes><REG_SZ><{0}><0> PROPERTY <Reboot Return Codes><REG_SZ><{1604,1641,3010,3011}><0>

Any program execution returning one of the above will be considered a success. Any not returning one of the above are considered a failure. The failure codes are not explicitly defined because it is essentially an open-ended set. There are a handful of return codes that will trigger an automatic program retry; I covered this in a previous post: http://myitforum.com/cs2/blogs/jsandys/archive/2011/01/16/configmgr-and-failed-program-retry.aspx .

So where are program execution results stored? In the registry: HKLM\SOFTWARE\Wow6432Node\Microsoft\SMS\Mobile ClientExecution History (remove the Wow6432Node if on a 32-bit client). There will be separate sub-keys for the different contexts that programs have run under.

Program Execution Results in the Registry

A handful of notables

Rerun if failed previous is the default option and is set by the new advertisements wizard; you must manually change this.
If you right-click an advert and select Re-run Advertisement, it will automatically flip the advertisement to Always rerun program .
Rerun if failed previous will not automatically rerun a program. Programs will only run according to the schedules defined in applicable advertisements — I covered this in the same previous post that I mentioned just above.

Not much to sum up except to re-state my two main conclusions, add a few, and consolidate the expected behavior in a table. In general scenario 1 and scenario 2 results are as expected (to me at least). Scenario 3 is where things got a little interesting because of our first conclusion which is independent of past program execution — this is worth listing as a third conclusion also because it cements the fact that advertisement schedules and past program execution status are two separate and distinct factors.

Conclusions

Clients have no memory of advertisements or their schedules once the advertisement is no longer applicable to that client.
Clients do maintain past program execution status even if the advertisement that caused them to run is no longer part of the client’s policy.
Advertisements and their schedules are independent of past program execution status.
New advertisement schedules will always trigger a client action to determine whether the program should run or not.
Once an advertisement schedule triggers a program execution, actually program rerun behavior is determined by the Program rerun behavior and the program’s past execution status; i.e., programs rerun only at scheduled times according to the rerun behavior.

Scenario Behavior

Next article, configmgr and failed program retry, cancel reply.

Notify me of follow-up comments by email.

Notify me of new posts by email.

Currently you have JavaScript disabled. In order to post comments, please make sure JavaScript and Cookies are enabled, and reload the page. Click here for instructions on how to enable JavaScript in your browser.

1. What happens if the ‘Deployment’ is still out there and your re-install the client? Does that knowledge of Program Execution go away and thus restart the Deployment? 2. What if you go into the deployment and change the ‘Rerun Behavior’ but do not add another schedule? Nothing, I presume? It only evaluates the ‘Rerun Behavior’ upon additional schedules?

I feel that ‘Rerun Behavior’ for Packages is pretty clear-cut. When it comes to OSD TS’s, though, there is some nuance. What if I deploy an OSD TS to a lab of 30 machines with ‘Always Rerun’ set. 6 machines fail, so would I change the behavior to ‘Rerun if previously failed’ and add another schedule?

1. Not sure honestly. Program execution history is stored in the registry so it most likely depends on whether this gets wiped out or not with the uninstall.

2. Unless you add a new schedule, changing the behavior is irrelevant.

For your last question, yes.

Thanks, Jason. I’m finding that on some Labs I have to choose ‘Always Rerun’ on that first schedule because it remembers that TS being successfully run on it before. The problem with that is that after it completes the OSD TS it then grabs policy again and keep imaging itself. I’m flabbergasted that this is typical behavior. See the below blog post discussing this exact behavior.

https://blogs.msdn.microsoft.com/george_bethanis/2014/07/29/why-an-osd-task-sequence-is-triggered-to-re-run-on-a-cm12-client/

Right, because the re-run behavior isn’t per deployment, its per program/TS.

Correct. I’m just trying to determine the best way of handling this going forward. I guess when we refresh labs in the Summer I should just copy the TS and deploy that. My goal would be that I wouldn’t need any Techs to do manual intervention in these areas.

Our Services
Free products

Subscription

Complete SCCM / MECM Installation Guide and Configuration

Founder of System Center Dudes. Based in Montreal, Canada, Senior Microsoft SCCM Consultant, 8 times Enterprise Mobility MVP. Working in the industry since 1999. His specialization is designing, deploying and configuring SCCM, mass deployment of Windows operating systems, Office 365 and Intune deployments.

Benoit Lecours

Table of Content

Sccm hardware requirements, sccm installation guide.

Operating System

Active Directory schema extension

Create the system management container, sccm accounts.

Network Configuration

Firewall Configuration

No_sms_on_drive.sms, windows server features, roles and features, report viewer, adk for windows 10, active directory, local admin accounts, sccm client, windows updates, install sql server management studio (ssms), install sql reporting services.

Apply SQL 2017 CU2 or higher

SPN Creation

Sql configuration, database sizing, create database.

Review the Site Database properties

TempDB sizing

Review the TempDB properties

SQL Communications

Prerequisite check, new sccm installation, system center 2012 r2 configuration manager toolkit, sccm current branch installation extra information, sccm current branch upgrade, sccm current branch configuration, role description, site system role placement in hierarchy, prerequisites.

SCCM Application Catalog Installation

Verification and Logs files

Url redirection, client settings, role description, aisp installation, verification, enable inventory reporting classes, maintenance tasks.

CRP Installation

Configuration Manager Policy Module

Introduction, pre-requisites, distribution point server configuration.

Windows Server configuration – Roles and Features

Remote Differential Compression

Windows deployment service.

Microsoft Visual C++ 2008 Redistributable

Powershell 3.0

Distribution point site server installation.

Add new distribution point server to the SCCM console – Site System

Replicate content

Distribution point monitoring, requirements.

EPP Installation

SUP Configuration

SCCM Enrollment Point Installation

FSP Installation

Configure clients, sccm management point installation, configure reporting services, add reporting services point role in sccm, recovery model, web browser.

WSUS Installation
Software Update Point Installation
SCCM State Migration Point Installation

Create the USMT Package

Sccm system health validator point installation, configure client settings, sccm service connection point installation, planning for sccm boundaries and boundary groups, overlapping boundaries, real world scenario.

Create Boundary Group
Create Site Assignment Boundary Group

Create Content Location Boundary Group

How to create custom client device settings, set the client settings priority, how to deploy a client settings, how to apply, how to verify your client settings, what is sccm discovery methods, active directory system discovery, active directory group discovery, active directory user discovery, active directory forest discovery, heartbeat discovery, network discovery.

Part 22 – Configure Maintenance Tasks

To enable the site backup maintenance task

Verify that the backup site server maintenance task is running, more sccm ressources.

Get the latest insights and exclusive content delivered to your inbox

This blog post is a completely revised Step-by-step SCCM Installation Guide. It covers every aspect of the SCCM Installation. From the server prerequisites to the SQL installation, the SCCM installation and all configuration and site server installation. Following this guide, you should have a functional SCCM server in a few hours.

We already did a guide in the past when SCCM 1511 was released, but it was time for a 2020 refresh.

Since our first guide, more than 12 SCCM versions have been released… and the product even changed its name to Microsoft Endpoint Manager. (MEM or MEMCM).

SCCM installation has never been easy, and the product can be complex for inexperienced administrators. With this blog post, we aim to bring it a bit further, explaining concepts and best practices rather than just guiding the user through the installation process.

If you’re unfamiliar with SCCM’s Current Branch Features, you can visit this Microsoft Docs article , which covers everything.

Stop reading this guide if you’re still running SCCM 2012 (!) and plan to migrate. You do not need to do a completely new installation. See our blog post on upgrading to the SCCM Current Branch instead.

We hope this guide brings all the necessary information and that you’ll appreciate administering it.

Part 1 – Design Recommendation and Installation Prerequisites

In the first part, we will cover SCCM installation prerequisites, precisely hardware requirements, design recommendations, and server prerequisites.

The hardware requirements for a Primary Site server largely depend on the enabled features and how each component is utilized. When the number of clients grows and changes, the server hardware requirements change accordingly. For the initial deployment, hardware requirements can be estimated for each server by determining:

The overall need for each component (Will you do Operating System Deployment ? How many daily software deployments ? Is Inventory and reporting necessary for your organization? Will you manage Internet Clients?)
The number of clients planned to be installed
The load on each of the installed SCCM components

In general, medium environments (a couple thousand clients) should consider the following recommendations when planning hardware:

SCCM and SQL Server communicate constantly. We recommend installing the SCCM database and SQL Server on the Primary site server. This is debatable, and we understand that some organizations try to standardize their SQL distribution. Performance is simply better using a local installation when appropriately configured.
Neither the SCCM site nor the SQL database should share their disks with other applications.
Configure the SQL Server databases and logs to run on a disk different from where the SCCM database is located.

Another issue to consider when determining hardware requirements for a site server is the total amount of data that will be stored in the database. An approximate figure of 5Mb to 10Mb per client is typically used to estimate the required database size for a single site.

In our setup, we will install a single primary site with the roles of management point, reporting point, distribution point, PXE service point, state migration point, fallback status point, and software update point. SQL Reporting Services will be used to provide consolidated reporting for the hierarchy. This role will also be installed on the SCCM Server. Running reports can impact server CPU and memory utilization, particularly if large, poorly structured queries are executed as part of the report generation.

Consider placing a client-facing role (Distribution Point, Reporting Point) on a separate server to reduce load on your Primary server.

Here’s our recommended reading about hardware requirements:

Design a hierarchy of sites
Recommended hardware
Supported configurations
Plan for the site database
Plan for site system servers and site system roles

We strongly recommend that you understand SQL Server before installing SCCM. Talk to and have a good relationship with your DBA if you have one in your organization.

Here’s our recommended reading about SQL :

Storage Top 10 Best Practice
SQL Server Best Practices Article
Disk Partition Alignment Best Practices for SQL Server

O perating System

Our servers run Windows 2019 with the latest security patches for this post.

Make sure that your OS is supported; see the SCCM Current Branch Technet Documentation

Disk IOs are the most critical aspect of SCCM performance. We recommend configuring the disks following SQL Best practices. Split the load on different drives. When formatting SQL drives, NTFS’s cluster size (block size) must be 64KB instead of the default 4K. See the previously recommended reading to achieve this.

Primary Site server prerequisites

Once your hardware is carefully planned, we can now prepare our environment and server before SCCM Installation.

You need to extend the Active Directory Schema only if you didn’t have a previous installation of SCCM in your domain. If you have SCCM 2007 already installed and are planning a migration, skip this step.

Login to a server with an account that is a member of the Schema Admins security group
From SCCM ISO run .\SMSSETUP\BIN\X64\extadsch.exe

Check the schema extension result, and open Extadsch.log located in the root of the system drive.

Configuration Manager does not automatically create the System Management container in Active Directory Domain Services when the schema is extended. The container must be created once for each domain, including a Configuration Manager primary or secondary site server that publishes site information to Active Directory Domain Services.

Start ADSIEdit , go to the System container and create a new Object

Select Container

Enter System Management

Set security permission

Open properties of the container System Management created previously

In the Security tab, add the site server computer account and Grant Full Control permissions

Click Advanced, select the site server’s computer account, and then click Edit
In the Applies to list, select This object and all descendant objects
Click OK and close the ADSIEdit console

Create the necessary accounts and groups created before installation. You can use a different name, but I’ll refer to these names throughout the guide.

SQL server services account – SCCM-SQLService
SCCM Network Access Account – SCCM-NAA
Domain user account for use SCCM client push install – SCCM-ClientPush
Domain user account for use with reporting services User – SCCM-SQLReporting
Domain account used to join machine to the domain during OSD – SCCM-DomainJoin
Domain group containing all SCCM Admins Group – SCCM-Admins
Domain group containing all SCCM servers in the hierarchy Group – SCCM-SiteServers

Network Configuration

Make sure that the server has a fixed IP and that the internet connection is up
Make sure the firewall service is ON

Run this script in an elevated command prompt to open the ports needed for SCCM.

** If you are using custom ports, change the values before running the script. **

@echo ========= SQL Server Ports =================== @echo Enabling SQLServer default instance port 1433 netsh advfirewall firewall add rule name=”SQL Server” dir=in action=allow protocol=TCP localport=1433 @echo Enabling Dedicated Admin Connection port 1434 netsh advfirewall firewall add rule name=”SQL Admin Connection” dir=in action=allow protocol=TCP localport=1434 @echo Enabling conventional SQL Server Service Broker port 4022 netsh advfirewall firewall add rule name=”SQL Service Broker” dir=in action=allow protocol=TCP localport=4022 @echo Enabling Transact-SQL Debugger/RPC port 135 netsh advfirewall firewall add rule name=”SQL Debugger/RPC” dir=in action=allow protocol=TCP localport=135 @echo ========= Analysis Services Ports ============== @echo Enabling SSAS Default Instance port 2383 netsh advfirewall firewall add rule name=”Analysis Services” dir=in action=allow protocol=TCP localport=2383 @echo Enabling SQL Server Browser Service port 2382 netsh advfirewall firewall add rule name=”SQL Browser” dir=in action=allow protocol=TCP localport=2382 @echo ========= Misc Applications ============== @echo Enabling HTTP port 80 netsh advfirewall firewall add rule name=”HTTP” dir=in action=allow protocol=TCP localport=80 @echo Enabling SSL port 443 netsh advfirewall firewall add rule name=”SSL” dir=in action=allow protocol=TCP localport=443 @echo Enabling port for SQL Server Browser Service’s ‘Browse’ Button netsh advfirewall firewall add rule name=”SQL Browser” dir=in action=allow protocol=TCP localport=1434 @echo Allowing Ping command netsh advfirewall firewall add rule name=”ICMP Allow incoming V4 echo request” protocol=icmpv4:8,any dir=in action=allow

Place a file name no_sms_on_drive.sms on the root drive of each drive you don’t want SCCM to put content on.

The following components must be installed on the Primary site server before SCCM installation. We’ll install all these components using a PowerShell script.

.Net Framework 3.51 SP1
.Net Framework 4
BITS Server Extension
WSUS 3.0 SP2
ADK for Windows 8.1

On the Site Server computer, open a PowerShell command prompt as an administrator and type the following commands. This will install the required features without using the Windows 2012 GUI.

Get-Module servermanager Install-WindowsFeature Web-Windows-Auth Install-WindowsFeature Web-ISAPI-Ext Install-WindowsFeature Web-Metabase Install-WindowsFeature Web-WMI Install-WindowsFeature BITS Install-WindowsFeature RDC Install-WindowsFeature NET-Framework-Features -source \yournetwork\yourshare\sxs Install-WindowsFeature Web-Asp-Net Install-WindowsFeature Web-Asp-Net45 Install-WindowsFeature NET-HTTP-Activation Install-WindowsFeature NET-Non-HTTP-Activ

Ensure that all components are showing as SUCCESS as an EXIT Code. It’s normal to have Windows Update warnings at this point.

Download and install – here

Select the default path

Do not join CEIP

Accept the License Agreement

Deployment Tools
Windows Pre-installation Environment
User state Migration tool

Add the computer account of all your site servers in the SCCM-SiteServers AD group.
Ensure that the group has Full Control of the SYSTEM Container in the Active Directory.

Add both the SCCM computer account and the SCCM Admin account to the local administrator group on the site server.

SCCM-Admins
SCCM-SiteServers

If applicable, uninstall the SCCM 2007 client and FEP if present on the server before the installation. The 2012 SCCM Management Point installation will fail if the client is present.

Run Windows update and patch your server to the highest level

Your server is now ready for the SQL installation.

Part 2 – SCCM SQL 2017 Installation

We will go through the complete SCCM SQL 2017 Install Guide to install and configure SQL before installing SCCM Current Branch 1806 or higher.

This post is our updated version of our SQL install guide for version 2017 and higher. If you are planning on installing an older version of SQL, please follow our previous post here .

Click the following link to see all supported SQL versions . For our post, we will install SQL 2017 locally on the same server where the Primary Site will be installed.

Execute Setup.exe from the SQL installation media, select New SQL server stand-alone installation.

Provide the product key and click N ext

Review and Click Next

Check Use Microsoft Update to check for updates and click Next

Select SQL Server Feature I nstallation

Note that some steps in the wizard are automatically skipped when no action is required. For example, product updates, Install setup Files and Install Rules might be skipped.

Select the Database Engine feature and specify the SQL installation directory. This is the directory for the program files and shared features.

Select Default instance and ensure that your instance is created on the SQL Volume.

Set all services to run as the SQL domain account that you created previously and set the services startup type to Automatic.

On the Collation tab, set the Database Engine to use SQL_Latin1_General_CP1_CI_AS.

In the Server Configuration tab, set the authentication mode to Windows Authentication and in the SQL Server Administrators, add your SCCM Admins group.

In the Data Directories tab, set your drive letters correctly for your SQL databases , Logs , TempDB , and backup .

On the TempDB , complete the various information based on the Database sizing section below.

Click Install

Complete the installation by clicking Close
Back in the SQL Server Installation Center, click on Install SQL Server Management tools.

This will redirect you to the Download page of SQL Server Management Studio. SSMS is no longer tied to the SQL server installation in terms of version.

Adjust the installation path if needed, then click Install

Click on Install SQL Reporting Services in the SQL Serv er Installation Center.

The SQL reporting services are just like the Management console; they require a separate download .

Click on Install Reporting Services

Provide the Product key

Accept License terms

Select the installation path, click Install

A reboot is required after the installation

Apply SQL 2017 CU 2 or higher

At the time of this writing, the latest SQL Cumulative Update is CU17 . We will install it to have an updated SQL Installation. Note that CU2 is the minimum requirement.

Download and execute SQL 2017 CU17
Accept the license terms and click Next

Leave default values, click Next

Wait for Check File in Use and click Next

Click Update

Update completed; might require a reboot.

When you configure SQL Server to use the local system account, a Service Principal Name (SPN) for the account is automatically created in Active Directory Domain Services. When the local system account is unused, you must manually register the SPN for the SQL Server service account.

Since we are using a domain account, we must run the Setspn tool on a computer that resides in the domain of the SQL Server. It must use Domain Administrator credentials to run.

Run both commands to create the SPN, Change the server name and account name in each commands.

setspn -A MSSQLSvc/yourservername:1433 yourdomain\SQLSA
setspn -A MSSQLSvc/yourserver.fullfqdn.com:1433 yourdomain\SQLSA

To verify the domain user SPN is correctly registered, use the Setspn -L command

setspn –L yourdomain\SQLSA

SCCM setup verifies that SQL Server reserves a minimum of 8 GB of memory for the primary site. To avoid the warning, we’ll set the SQL Server memory limits to 8GB-12GB (80% of available RAM).

Open SQL Server Management Studio
Right-click the top SQL Server instance node.
Select Properties
Minimum 8192
Maximum 12288

We always recommend creating the SCCM database before the setup. This is not mandatory, SCCM will create the database for you during setup but will not create it the optimal way. We strongly recommend watching The Top Ten Lessons Learned in Managing SQL session from MMS2013 which covers it all.

We follow the guide made by MVP, Kent Agerlund to estimate my DB sizing need. Visit his blog post and download the provided Excel file. Input your values in the blue cells and keep it for the next part. We’ll create the DB using those values using a script in the next section.

For this blog post, We’ve created a Database for 2000 clients, 2 processors, 2 cores and 16GB RAM.

To create the database, you can use Kent’s script and input your values (as returned previously in the Excel file) OR use the following one which is really simple:

The Name value will become your Site Code during the SCCM installation. Be sure to select a unique Site Code.

**Replace all XXX value with your 3 character Site Code**
**Change the values of the Filename, Size, MaxSize and FileGrowth. Change the location of the file to your SQL and Logs drives**

USE master CREATE DATABASE CM_XXX ON ( NAME = CM_XXX_1,FILENAME = ‘E:\SCCMDB\CM_XXX_1.mdf’,SIZE = 7560, MAXSIZE = Unlimited, FILEGROWTH = 2495) LOG ON ( NAME = XXX_log, FILENAME = ‘G:\SCCMLogs\CM_XXX.ldf’, SIZE = 4990, MAXSIZE = 4990, FILEGROWTH = 512) ALTER DATABASE CM_XXX ADD FILE ( NAME = CM_XXX_2, FILENAME = ‘E:\SCCMDB\CM_XXX_2.mdf’, SIZE = 7560, MAXSIZE = Unlimited, FILEGROWTH = 2495)

Review the Site Database properties

Open SQL Management Studio
Right-click your DB, Select Properties
In the General tab, verify that the SQL collation name is SQL_Latin1_General_CP1_CI_AS

In the File tab, verify that your database files has been created with the script value
Verify that the file is located on your SQL Volume
Change the database owner to SA. By default the owner will be the account that created the database.

If you find out that you made an error, you can safely delete the Database using SQL Management Studio and rerun the script.

Right-click your DB, Select Delete

This section is left here for reference to help configure the TempDB in the installation wizard.

Run the following scripts to size the TempDB. (using the value returned by the Excel file)

**Change the values of Filename, Size, MaxSize and FileGrowth. Change the location of the file to your TempDB drives**

use master go alter database tempdb modify file (name=’tempdev’, filename=’F:\SCCMTempDB\tempDB.MDF’, SIZE= 4536, MAXSIZE = Unlimited, FILEGROWTH = 512) go alter database tempdb modify file (name=’templog’, filename=’G:\SCCMLogs\templog.LDF’, SIZE= 2268, MAXSIZE = Unlimited, FILEGROWTH = 512) go

Review the TempDB properties

In System Database, Right click the TempDB, select Properties
In the File Tab, verify that your database files has been created with the script value
Ensure that the TempDB and log are on the TempDB volume

To ensure proper SQL communication, verify that settings are set accordingly in SQL Network configuration

Open SQL Server Configuration Manager
Go to SQL Server Network Configuration / Protocols for MSSQLServer
On the Right Pane, right-click TCP/IP and select Properties
Enable: YES
Listen All : NO

In the IP Addresses tab
Active : YES
Enabled : YES
Enabled : NO
TCP Dynamic Ports : Blank value
TCP Port : 1433

Once the modification has been made, restart the SQL Server Service.

The server is now ready for the SCCM installation. We will now run the prerequisite checker and proceed to the complete SCCM Installation. We will install a stand-alone Primary site.

Part 3 – SCCM Current Branch Installation

Before launching the SCCM installation, we recommend launching the Prereqchk tool in order to verify if all components are configured correctly. The SCCM installation wizard will also run this check but if you’re missing a requirement, you’ll have to go through the whole installation wizard again after fixing it. We prefer to use the standalone tool before running the setup.

To start the prerequisite check tool :

Open an Administrator command prompt
Browse to .\SMSSETUP\BIN\X64
Run the following command: Prereqchk.exe /AdminUI

If you follow the prerequisite guide correctly you’ll have this result :

Refer to this Technet article to see the list of all checks done by the tool.

If you have any warning or error refer to this Technet article in order to resolve it, or go thought part 1 and part 2 of this guide.

We are finally ready to launch the setup. First, reboot the server. This will make sure that the machine is not in a Reboot pending state.

Mount and open the SCCM ISO that was previously downloaded from the Microsoft Volume Licensing Site
Run Splash.hta
Select Install

On the first screen, Click Next

On the Getting Started screen, Select Install a Configuration Manager Primary Site and click Next

On the Product Key screen, enter it and click Next

On the Microsoft Software License Terms screen, accept the terms and click Next
On the Product License Terms screen, accept the License Terms and click Next

On the Prerequisite Downloads screen, specify a location to download the prerequisite file. This folder can be deleted after setup

On the Server Language Selection screen, select the language you want to display in the SCCM Console and Reports. You can modify language later by running setup again and select the Site Maintenance option

On the Client Language Selection screen, select the Client language to support. You can modify languages later by running setup again and select the Site Maintenance option

Note : Site codes cannot be used more than one time in a Configuration Manager hierarchy for a central administration site or primary sites. If you reuse a site code, you run the risk of having object ID conflicts in your Configuration Manager hierarchy. This applies also if you’re doing a migration from an earlier version.
Enter your Site Name. This name will appear in the console so choose accordingly

On the Primary Site Installation screen, select Install the primary site as a stand-alone site. If you have a Central Administration site , this is where you would join the Primary Site to the existing hierarchy

On the warning, click Yes

On the Database Information screen
Enter your SQL Server Name . In our case the SQL server is the same box as SCCM
Leave the Instance Blank
Enter your Database name . Once again, this must match the previously created Database in part 2
Leave the Service Broker Port to 4022

Enter the path to the SQL Server data file. Locate this on the SQL Volume
Enter the path to the SQL Server log file. Locate this on the SQL Logs Volume.
I like to use the same directory where I created my database and logs (E:\SCCMDB, G:\SCCMLogs)

On the SMS Provider Settings screen, leave the SMS Provider to the default value which is the local server. Refer to the following Technet article to read about the SMS Provider.

On the Client Computer Communication Settings screen, select Configure the communication method on each site system role. This is where you select to have HTTPS or not on your initial Management Point and Distribution Point. This setting can be changed later

On the Site System Roles screen :
Check Install a Management Point
Check Install a Distribution Point
The Client connection drop-down is unavailable due to our previous selection

On the Usage Data screen, click Next. This new screen basically tells that you accept that you will send some telemetry data to Microsoft

On the Service Connection Point screen, click Next. This new role enables your deployment to download updates and new features

On the Settings Summary Screen, review your options and click Next

On the Prerequisite Check screen, you should have no error since you’ve run it before setup, click Next

The installation is in progress. You can count between 15 and 30 minutes depending of your server specifications

You can follow the progress by clicking the View Log button or open the ConfigMgrSetup.log file on the C: drive

Wait for Core setup has completed and close the wizard

We’re still not done yet ! Before opening the SCCM console, we suggest to install the following tools :

CMTrace will become your best friend when reading log files.

Open the SCCM ISO
Browse to .SMSSETUPTOOLS
Click on CMTrace.exe
Click on YES to set is as your default log viewer

Additionally, you can read our blog post :

How to use CMTrace like a Pro Part 1
How to use CMTrace like a Pro Part 2

The SCCM 2012 R2 toolkit is compatible with SCCM Current Branch and contains fifteen downloadable tools to help you manage and troubleshoot SCCM.

Download and install it here

You can also refer to our blog post about Useful Resources to help you begin with SCCM. If you need further help to understand and configure various SCCM site components, consult our Step-by-Step SCCM 1511 Installation Guide blog series. It covers all you need to know.

The first task we like to do after a new SCCM installation is to upgrade it to the latest version. If you’re not familiar with this, Microsoft releases a Baseline version that you can install from scratch and then, you must upgrade to the latest version. We have a bunch of guides for each version. For reference, at the time of this blog post, the baseline is 1902 and the latest version is SCCM 1910. Just follow our latest upgrade guide and you’ll be at the latest available version.

The next sections will be for configuring the various site server roles in your newly installed SCCM server. Role installation order is not important, you can install roles independently of others.

Part 4 – Application Catalog web service point

This part will describe how to install the SCCM Application Catalog web service point and the Application Catalog website point. Both of these roles are now unsupported . We do not recommend adding this role to your hierarchy.

The application catalogue’s Silverlight user experience isn’t supported as of current branch version 1806. Starting in version 1906, updated clients automatically use the management point for user-available application deployments. You also can’t install new application catalogue roles. Support ends for the application catalogue roles with version 1910 .

The Application Catalog web service point provides software information to the Application Catalog website from the Software Library.

The Application Catalog website point provides users with a list of available software.

This is not a mandatory site system but you need both the Application Catalog website point and the Application Catalog web service point if you want to provide your user with a Self-Service application catalog (web portal).

The Application Catalog web service point and the Application Catalog website point are hierarchy-wide options. It’s supported to install those roles on a stand-alone Primary site or child Primary site. It’s not supported to install it on a Central Administration site or Seconday site. The Application Catalog web service point must reside in the same forest as the site database.

If you’re having less than 10,000 users in your company, co-locating the Application Catalog web service and Application Catalog website roles on the same server should be ok. The web service role connects directly to the SCCM SQL database so ensure that the network connectivity between the SQL server and the Application Catalog web service servers is robust.

If you have more geographically distributed users, consider deploying additional application catalogs to keep responsiveness high and user satisfaction up. Use client settings to configure collections of computers to use different Application Catalog servers.

Read more on how to provide a great application catalog experience to your user in this Technet blog article .

If your client needs HTTPS connections, you must first deploy a web server certificate to the site system. If you need to allow Internet clients to access the application catalog, you also need to deploy a web server certificate to the Management Point configured to support Internet clients . When supporting Internet clients, Microsoft recommends that you install the Application Catalog website point in a perimeter network, and the Application Catalog web service point on the intranet. For more information about certificates see the following Technet article .

Using Windows Server 2012, the following features must be installed before the role installation:

Application Catalog web service point

.NET Framework 3.5 SP1 and 4.0

WCF activation:

HTTP Activation
Non-HTTP Activation

IIS Configuration:

ASP.NET (and automatically selected options)
IIS 6 Metabase Compatibility

Application Catalog website point

.NET Framework 4.0
Static Content
Default Document
Windows Authentication

SCCM Application Catalog Installation

For this post, we will be installing both roles on our stand-alone Primary site using HTTP connections. If you split the roles between different machines, do the installation section twice, once for the first site system (selecting Application Catalog web service point during role selection)and a second time on the other site system (selecting Application Catalog website point during role selection).

Open the SCCM console
Navigate to Administration / Site Configuration / Servers and Site System Roles
Right-click your Site System and click Add Site System Roles
On the General tab, click Next
On the Proxy tab, click Next
On the Site System Role tab, select Application Catalog web service point and Application Catalog website point, click Next

In the IIS Website and Web application name fields,leave both to the default values
This is just the name that you’ll see in IIS after the installation (see next screenshot). It has nothing to do with your user facing portal
Enter the port and protocol that you want to use

In the IIS Website keep the default value
In Web application name, enter the name that you want for your Application Catalog. This is the URL that will be published to your users

On the Application Catalog Customizations tab, enter your organization name and the desired colour for your website

On the Summary tab, review your settings, click Next and complete the wizard

You can verify the role installation in the following logs:

ConfigMgrInstallationPath \Logs\ SMSAWEBSVCSetup.log and awebsvcMSI.log – Records details of about the Application Catalog Web Service Point installation
ConfigMgrInstallationPath \Logs\ SMSPORTALWEBSetup.log and portlwebMSI.log – Records details of about the Application Catalog Website Point installation

In the console :

Open the SCCM Console
Go to Monitoring / System Status / Component Status
See status of the components SMS_PORTALWEB_CONTROL_MANAGER and SMS_AWEBSVC_CONTROL_MANAGER

Web browser

Verify that the Application Catalog is accessible :

Open a web browser
Replace YourServerName with the server name on which you installed the Application Catalog Website Point
Replace CMApplicationCatalog with the name that you give your Application Catalog. (Default is CMApplicationCatalog)

If everything is set up correctly, you’ll see a web page like this :

The default URL to access the Application Catalog is not really intuitive for your users.

It’s possible to create a DNS entry to redirect it to something easier (ex: http://ApplicationCatalog) The following Coretech article describe how to achieve that.

Ensure that the client settings for your clients are set correctly to access the Application Catalog

Go to Administration / Client Settings
Right-click your client settings and select Properties
On the left pane, select Computer Agent
Click the Set Website button and select your Application Catalog (the name will be automatically populated if your Application Catalog is installed)
Select Yes on both Add Default Application Catalog website to Internet Explorer trusted site zone and Allow Silverlight application to run in elevated trust mode
Enter your organisation name in Organisation name displayed in Software Center

That’s it, you’ve installed your SCCM Application Catalog, publish the link to your user and start publishing your applications.

Part 6 – Asset Intelligence Synchronization Point

This part will describe the Asset Intelligence Synchronization Point (AISP).

The AISP is used to connects to Microsoft in order to download Asset Intelligence catalog information and upload uncategorized titles. For more information about planning for Asset Intelligence, see Prerequisites for Asset Intelligence in Configuration Manager .

This is not a mandatory Site System but we recommend to install the AISP if you are planning to use Asset Intelligence. Read our blog post on Why should you use Asset Intelligence in SCCM .

The AISP is a hierarchy-wide option. SCCM supports a single instance of this site system role in a hierarchy and only at the top-level site. Install it on your Central Administration Site or stand-alone Primary Site depending of your design.

Navigate to Administration / Site Configuration / Servers and site System Roles

sccm 2012 install asset intelligence synchronization point

On the Proxy tab, enter your Proxy server information if needed and click Next

On the Site System Role Selection tab, select Asset Intelligence Synchronization Point , click Next

By default, the Use this Asset Intelligence Synchronization Point setting is selected and cannot be configured on this page. System Center Online accepts network traffic only over TCP port 443, therefore the SSL port number setting cannot be configured on this page of the wizard
You can specify a path to the System Center Online authentication certificate (.pfx) file. Typically, you do not specify a path for the certificate because the connection certificate is automatically provisioned during site role installation

Specify the desired catalog Synchronization Schedule , click Next

On the Summary tab, review your setting and click Next

Wait for the setup to complete and close the wizard
AIUSSetup.log – Information about the installation of the Asset Intelligence catalog synchronization point site system role
AIUpdateSvc.log – Information about the Asset Intelligence catalog synchronization service
Aikbmgr.log – Information about the Asset Intelligence catalog manager service
Verify that the role installation is completed in AIUSSetup.log

Navigate to Assets and Compliance / Overview / Asset Intelligence
Verify that the Sync is Enabled and Successful

In order to have inventory data, first ensure that Hardware Inventory is enabled in your Client Settings.

Navigate to Administration / Client Settings
Right-click your Client Settings and choose Properties
On the Hardware Inventory Tab
Ensure that your hardware inventory is Enabled

Once confirmed, enable inventory reporting classes :

Navigate to Assets and Compliance / Asset Intelligence
Right-click Asset Intelligence and select Edit Inventory Classes

Select Enable only the selected Asset Intelligence reporting classes
See the following Technet article to see dependencies between hardware and reporting class

2 maintenance tasks are available for Asset Intelligence :

This maintenance task checks that the software title that is reported in software inventory is reconciled with the software title in the Asset Intelligence catalog.
This maintenance task provides the information that is displayed in the Assets and Compliance workspace. When the task runs, Configuration Manager gathers a count for all inventoried software titles at the primary site.

To set the maintenance tasks :

Navigate to Administration / Site Configuration / Sites
Select Site Maintenance on the top ribbon
Select the desired schedule for both tasks

You’re now done installing the AISP.

Part 7 – Certificate Registration Point

We will describe how to install SCCM Certificate Registration Point (CRP).

Using SCCM and Intune, the CRP communicates with a server that runs the Network Device Enrollment Service (NDES) to provision device certificate requests.

This is not a mandatory Site System but we recommend to install a CRP if you need to provision client certificates to your devices (like VPN or WIFI).

sccm 2012 certificate registration point

Before the CRP can be installed, dependencies outside SCCM is required. I won’t cover the prerequisite configuration in details as they are well documented on this Technet article and it goes beyond SCCM. Here’s an overview of what needs to be done :

Install the NDES role on a Windows 2012 R2 Server
Modify the security permissions for the certificate templates that the NDES is using
Deploy a PKI certificate that supports client authentication
Locate and export the Root CA certificate that the client authentication certificate chains to
Increase the IIS default URL size limit
Modify the request-filtering settings in IIS

On the machine that will receive the CRP role, install the following using Windows server role and features:

ASP .NET 3.5
ASP .NET 4.5
WCF HTTP Activation

If you are installing CRP on a remote machine from the site server, you will need to add the machine account of the site server to the local administrator’s group on the CRP machine.

The Certificate Registration Point must not be installed on the same server that runs the Network Device Enrollment Service. It’s supported to install this role on a Central Administration Site, child Primary Site or stand-alone Primary Site but it’s not supported on a Secondary Site.

CRP Installation

Right click your Site System and click Add Site System Roles

On the Site System Role tab, select Certificate Registration Point, click Next

On the Certificate Registration Point Properties, leave the default website name and virtual application name. Take note of your Virtual Application Name, you will need it later.
Click on Add
This URL will be part of the profile send to the devices. The device will needs to access this URL from the internet
Example : https://ndes.systemcenterdudes.com/certsrv/mscep/mscep.dll
Enter the path to your exported Root CA Certificate (.cer file)

Once completed, click on Next , review the Summary and close the wizard
ConfigMgrInstallationPath\Logs\crpmsi.log – Detailed CRP Installation status
HTTP Error 403 is ok. If you have a 404 error or 500 error, look at the logs file before continuing

After the CRP is installed, the system will export the certificate that will be used for NDES plugin to the certmgr.box folder. It may take up to 1 hour to appear.

Save this .cer file on the NDES server as we will need it in the next section.

Now that the Certificate Registration Point has been installed, we must install a plug-in on the NDES server to establish the connection with SCCM.

On the server that runs the Network Device Enrollment Service :

Copy the \SMSSETUP\POLICYMODULE\X64 folder from the the Configuration Manager installation media to a temporary folder
From the temporary folder, run PolicyModuleSetup.exe
Click Next, accept the license terms and click Next
On the Installation Folder page, accept the default installation folder click Next
On the Certificate Registration Point page, specify the URL of the Certificate Registration Point. This is the Virtual Application Name created during the SCCM role installation (Example : https://crp.systemcenterdudes.com/CMCertificateRegistration )
Accept the default port of 443, click Next
On the Client Certificate for the Policy Module page , browse to and specify the client authentication certificate. This is the same certificate you used in the CRP Installation wizard in SCCM
On the Certificate Registration Point Certificate page , click Browse to select the exported certificate file (the one exported from \inboxes\certmgr.box )
Click Next and complete the wizard
Open the registry editor and browse to HKLM\SOFTWARE\Microsoft\Cryptography\MSCEP
Make sure that the values of EncryptionTemplate, GeneralPurposeTemplate and SignatureTemplate match the names of the template on your CA

Open Internet Explorer on the NDES server and browse to https://ndes.systemcenterdudes.com/certsrv/mscep/mscep.dll , you will no longer see the web page but instead you should see an error 403, this is expected

Once all the above has been configured and verified, you are ready to create your certificate profile in SCCM.

Here are my favourites articles covering the subject :

Technet Article
Configuration Team Blog article
Pieter Wigleven’s installation (Technical Solution Professional at Microsoft)
Peter van der Woude’s key configuration steps

Part 8 – Distribution Point Installation

In this part, we will describe how to perform an SCCM distribution point installation.

I saw a lot of posts recently on the Technet forum which leads me to think that there’s a lack of documentation explaining this.

Several distribution points can provide better access to available software, updates, and operation systems. A local Distribution Point also prevents the installation thought the WAN.

Functional SCCM hierarchy
SCCM Admin console access
RDP access on the Distribution Point server
The required level of security in the SCCM console

Prevent package from replication on the wrong drive

Logon locally on the target machine with remote desktop
Create an empty file called NO_SMS_ON_DRIVE.SMS on the root of each drive where SCCM should NOT write. (If any)

Local Administrator group

On the DP, add a group that contains your site system computer account in the Administrators group.

I like to create a SCCM system groups that contain all my distribution points.

Open Server Manager
Expand Local Users and Groups
Click on Groups
Double-click on “Administrators”
Add the security groups that contain the SCCM computer account

Windows Server configuration – Roles and Features

Configuration Manager requires some roles and features to be installed on the server prior to the DP installation

Open Server Manager, on the Features node, starts the Add Features Wizard .
On the Select Features page, select Remote Differential Compression

SCCM 2012 Distribution point Installation

IIS needs to be installed on the server but it will automatically be installed using the site installation wizard.

Make sure that these roles are installed on your server prior to the installation :

IIS WMI Compatibility tool
IIS Scripting Tool

For Windows Server 2012+, WDS is installed and configured automatically when you configure a distribution point to support PXE or Multicast.

For Windows Server 2003, you must install and configure WDS manually.

The distribution point site system role does not require Background Intelligent Transfer Service (BITS). When BITS is configured on the distribution point computer, BITS on the distribution point computer is not used to facilitate the download of content by clients that use BITS

Microsoft Visual C++ 2008 Redistributable

You can run the Microsoft Visual C++ 2008 Redistributable Setup from the Configuration Manager installation at: <ConfigMgrInstallationFolder>\Client\x64\vcredist_x64.exe

For Configuration Manager SP1, vcredist_x64.exe is installed automatically when you configure a distribution point to support PXE.

For Windows 2012 only, you need to enable Powershell 3.0 (or further) before installing the distribution point.

Ensure that your firewall is set correctly. 2 ports need to be opened.

Reboot your server to avoid the case where your server is in “Reboot pending State” which will result in unexpected reboot during distribution point installation.

Now that the Distribution point server is ready to receive a new role, we need to add the server to the site server list

Add new distribution point server to the SCCM console – Site System

In the Configuration Manager console, click Administration
In the Administration workspace, expand Site Configuration , and then right click Servers and Site System Roles .
Select Create Site System Server . The Create Site System Server Wizard opens.

On the General page , specify the Name for the site system server
Select the Site Code and Click Next

Do not specify a proxy server, click Next

Select Distribution point in the role selection screen, click Next

Check Install and configure IIS if required by CM
Add a description if needed
Select HTTP
Select Create self-signed certificate, click Next

Set drive configuration to your needs. This is where the SCCMContentLib will be created so select a drive with enough storage space, click Next

Do not configure a pull distribution point, click Next

Do not configure PXE for now, click Next

Do not enable multicast for now, click Next

Enable content validation to occur where it fits your environment, click Next

Add the boundary group that needs to be associated with this DP and Uncheck the Allow fallback source location for content , click Next

Review the summary page and complete the installation, click Next

WARNING Your remote server may reboot if there’s a missing requirement

At this point, the major part of installation a distribution point server is completed.

You can track the installation progress in 2 logs:

Distmgr.log on the site server
Smsdpprov.log on the distribution point. ( InstallationDrive \SMS_DP$\SMS\Logs)

Windows Explorer

At this point, you will the SCCM file structure created on the site server.

You can also track the installation progress in the SCCM console under Monitoring / Distribution Status / Distribution Point Configuration Status

Click on your DP
Click the detail tab on the bottom
Check for green check mark on all components

Note: Error on the IIS Virtual directory is normal at the start of the process. SCCM is making a check as if IIS is installed at the start of the process even if you tell SCCM to enable you IIS for you. That results in errors but be patient and the installation should succeed anyway

Verify the status of your new DP in Administration / System Status / Site Status

You can now replicate your content to your newly created DP. Replicate manually all your content or add your DP in an existing DP group.

Replicate a package or Application to your newly created site system

Verify that the content is well replicated in the SCCM Console. (or check distmgr.log )

That’s it ! You’re done creating your DP.

If you have multiple Distribution Points, I suggest you read our post on 8 ways to monitor your distribution points. This post explains in detail the various options to make sure that your DP is healthy.

You can also check our custom report about Distribution Point Monitoring to display all your DP status using a single click.

Part 9 – Endpoint protection point

In this part, we will describe how to install SCCM Endpoint Protection Point (EPP).

The Endpoint Protection Point provides the default settings for all antimalware policies and installs the Endpoint Protection client on the Site System server to provide a data source from which the SCCM database resolves malware IDs to names. When you install this Site System Role, you must accept the license terms for System Center 2012 R2 Endpoint Protection.

This is not a mandatory Site System but you need to install a EPP if you’re planning to use SCCM as your anti-virus management solution (using Endpoint Protection).

This Site System is a hierarchy-wide option. SCCM supports a single instance of this site system role in a hierarchy and only at the top-level site in the hierarchy. It’s supported to install this role on a Central Administration Site or stand-alone Primary Site.

Before installing the EP role, you must have a Software Update Point installed and configured.

EPP Installation

On the Site System Role tab, select Endpoint Protection Point, click Next

Accept the License Terms and click Next

Select Do not join MAPS , click NEXT

• On the Summary tab, review your settings and click Next

Wait for the setup to complete and click Close

After the installation, you must add Endpoint Protection definition files in your Software Update Point.

Click the Configure Site Components button and select Software Update Point

On the Product tabs, check Forefront Endpoint Protection 2010 and click Ok

ConfigMgrInstallationPath\Logs\EPSetup.log – Detailed EP Installation status

ConfigMgrInstallationPath\Logs\Wsyncmgr.log – SUP Synchronization status

You are now ready to manage EndPoint Protection using SCCM. We have a complete guide to managing endpoint protection. You can download it from our product page .

Part 10 – Enrollment Point Installation

We will describe how to install SCCM Current Branch Enrollment Point and Enrollment Proxy Point site system roles.

The Enrollment Point uses PKI certificates for Configuration Manager to enroll mobile devices, Mac computers and to provision Intel AMT-based computers.

The Enrollment Proxy Point manages Configuration Manager enrollment requests from mobile devices and Mac computers.

This is not a mandatory site system but you need both Enrollment Point and Enrollment Proxy Point if you want to enroll legacy mobile devices, Mac computers and to provision Intel AMT-based computers. Since modern mobile devices are mostly managed using Windows Intune , this post will focus mainly on Mac computer enrollment.

The SCCM Enrollment Point and Enrollment Proxy Point are site-wide options. It’s supported to install those roles on a stand-alone or child Primary site. It’s not supported to install it on a Central Administration site or Secondary site.

You must install an SCCM Enrollment Point in the user’s forest so that the user can be authenticated if a user enrolls mobile devices by using SCCM and their Active Directory account is in a forest that is untrusted by the site server’s forest.

When you support mobile devices on the Internet, as a security best practice, install the Enrollment Proxy Point in a perimeter network and the Enrollment Point on the intranet.

Beginning with System Center 2012 Configuration Manager SP2, the computer that hosts the SCCM Enrollment Point or Enrollment Proxy Point site system role must have a minimum of 5% of the computers available memory free to enable the site system role to process requests. When those site system role are co-located with another site system role that has this same requirement, this memory requirement for the computer does not increase, but remains at a minimum of 5%.

Enrollment Point

.NET Framework 3.5
HTTP Activation (and automatically selected options)
ASP.NET 4.5
ASP.NET 3.5 (and automatically selected options)
.NET Extensibility 3.5
ASP.NET 4.5 (and automatically selected options)
.NET Extensibility 4.5

Enrollment Proxy Point

SCCM Enrollment Point Installation

For this post we will be installing both roles on a stand-alone Primary site using HTTPS connections. If you split the roles between different machine, do the installation section twice, once for the first site system (selecting Enrollment Point during role selection)and a second time on the other site system (selecting Enrollment Proxy Point during role selection).

On the Site System Role tab, select Enrollment Point and Enrollment Proxy Point , click Next

This is the names that you’ll see in IIS after the installation
Enter the port number you want to use. The HTTPS setting is automatically selected and requires a PKI certificate on the server for server authentication to the Enrollment Proxy Point and for encryption of data over SSL. For more information about the certificate requirements, see PKI Certificate Requirements for Configuration Manager .

The Enrollment point will be populated by default and can’t be changed
Keep the Website name to it’s default value
The Virtual application name can’t be changed. This will be used for client installation (https://servername/ EnrollmentServer )

ConfigMgrInstallationPath \Logs\ enrollsrvMSI.log and enrollmentservice.log – Records details of about the Enrollment Point installation
ConfigMgrInstallationPath \Logs\ enrollwebMSI.log – Records details of about the Enrollment Proxy Point installation
ConfigMgrInstallationPath \Logs\ enrollmentweb.log – Records communication between mobile devices and the Enrollment Proxy Point

That’s it, you’ve installed your SCCM Enrollment Point, follow this Technet Guide if you want to proceed to next steps for Mac computers enrollment

Part 12 – Fallback Status Point

We will describe how to install SCCM Fallback Status Point (FSP).

The FSP helps monitor client installation and identify unmanaged clients that cannot communicate with their management point.

This is not a mandatory Site System but we recommend to install a FSP for better client management and monitoring. This is the Site System that receive State Message related to client installation, client site assignment, and clients unable to communicate with their HTTPS Management Point.

If the FSP is not configured properly you’ll end up having A fallback status point has not been specified errors in your logs.

This Site System is a hierarchy-wide option. It’s supported to install this role on a child Primary Site or stand-alone Primary Site but it’s not supported on a Central Administration site nor Secondary Site.

On the Site System Role tab, select Fallback Status Point, click Next

On the Fallback Status Point tab, specify the number of state messages to process. We recommend to leave the default value, click Next

Smsfspsetup.log – DetailedFSP Installation status

Fspmgr.log – Verify whether clients are successfully sending state messages to the FSP

You can also check if reports that depend on the FSP are populated with data. See the full list of reports that rely on the FSP here .

Use the FSP client properties to point your clients to your newly created FSP

Navigate to Administration / Site Configuration / Site
Click the Client Installation Setting icon on the ribbon
Select Client Push Installation
On the Installation Properties tab
Enter your server FQDN in the FSP properties

Part 13 – Management Point Installation

We will describe how to install an SCCM Management Point (MP).

Every SCCM hierarchy must have a Management Point to enable client communication. The Management Point is the primary point of contact between Configuration Manager clients and the site server. Management Points can provide clients with installation prerequisites, configuration details, advertisements and software distribution package source file locations. Additionally, Management Points receive inventory data, software metering information and state messages from clients.

Multiple Management Points are used for load-balancing traffic and for clients to continue receiving their policy after Management Point failure. Read about SCCM High-Availability options in this Technet article .

Prior to SCCM 2012 R2 SP1, it was not possible to assign client directly to a specific Management Point. It’s now possible using the new Preferred Management Point feature . Read about how clients choose their Management Point in this Technet article .

The Management Point is a site-wide option. It’s supported to install this role on a stand-alone Primary site, child Primary site or Seconday site. It’s not supported to install a Management Point on a Central Administration site.

Each primary site can support up to 10 Management Points.

By default, when you install a Secondary site, a Management Point is installed on the Secondary site server. Secondary sites do not support more than one Management Point and this Management Point cannot support mobile devices that are enrolled by Configuration Manager.

See the full Supported Configuration in the following Technet article .

On Windows 2012, the following features must be installed before the Management Point Installation:

.NET Framework 4.5
BITS Server Extensions or Background Intelligent Transfer Services (BITS)
ISAPI Extensions
IIS 6 WMI Compatibility
On the Site System Role tab, select Management Point, click Next

SCCM 2012 R2 Management Point Installation

On the Management Point tab
Select the desired client connections methods. HTTPS required to have a valid PKI certificate for client authentication

On the Management Point Database tab, specify if you want to use the site database or a database replica. Read about database replica here
Specify if you want to use the computer account of the Management Point to connect to the database or a specified account

You can verify the installation in the following logs:

ConfigMgrInstallationPath \Logs\ mpMSI.log – Records details of about the management point installation
ConfigMgrInstallationPath \Logs\ MPSetup.log.log – Records the management point installation wrapper process

Part 14 – Reporting Point Installation

We will describe how to install a SCCM Current Branch reporting services point.

This role can be installed on a remote machine, the process is the same but the location of the logs is different.

Before you can install the reporting services point role you must configure SQL correctly.

We’ll be using SQL 2012 on this post. We are assuming that SQL is already installed and that your SCCM site is up and healthy.

During the initial SQL installation, you must select Reporting Services .

If you have installed SQL Server, but have not installed Reporting Services follow the following steps. If Reporting Services is already installed, skip to the “ Configure Reporting Services ” section.

Launch the SQL Server 2012 installation from the media.
Click the Installation link on the left to view the Installation options.
Click the top link, New SQL Server stand-alone installation or add features to an existing installation.

Follow the SQL Server Setup wizard until you get to the Installation Type screen.
Select Add features to an existing instance of SQL Server 2012 .
Click Next to move to the Feature Selection page.

Select Reporting Services – Native

At the Reporting Services Configuration page
Select Install Only

Continue through the wizard and reboot the computer at the end of the installation if instructed to do so.

Before configuring the reporting point, some configuration needs to be made on the SQL side. The virtual instance needs to be created for SCCM to connect and store its reports.

If you installed Reporting Services during the installation of the SQL Server instance, SSRS will be configured automatically for you. If you install SSRS later, then you will have to go back and configure it as a subsequent step.

To configure, Open Reporting Services Configuration Manager

Click Start > All Programs > Microsoft SQL Server > Configuration Tools > Reporting Services Configuration Manager

Click Connect to connect to the SQL instance

On the left-hand side of the Reporting Services Configuration Manager, click Database .
Click the Change Database button

Select Create a new report server database and click Next

This wizard creates two databases: ReportServer , used to store report definitions and security, and ReportServerTempDB which is used as scratch space when preparing reports.

Click the Web Service URL tab
Click Apply

This step sets up the SSRS web service. The web service is the program that runs in the background that communicates between the web page, which you will set up next, and the databases.

Select the Report Manager URL
Accept the default settings and click Apply .

If the Apply button was already grayed out, this means the SSRS was already configured. This step sets up the Report Manager web site where you will publish reports

Exit Reporting Service Configuration Manager.

Navigate to Administration/Site/Configuration/Servers and Site System Roles
Right-click on your Site Server and click Add system Roles

On the General tab, click Next

On the Proxy tab, Click Next

On the Site System Role, select Reporting Services Point , Click Next

On Rethe porting Services setting tab
Click Verify
At the bottom, Add an account to use for the reporting point. This account needs to have access to the SCCM DB

Wait for the process to complete and close the wizard

Using the simple recovery model improves performance and saves your server hard drive and possibly a large transaction log file.

To change the Recovery Model of the ReportingDB to Simple

Open SQL Management Studio
Right-click on the ReportServer database and select Properties
Go to the Options page
Under Recovery model select Simple

Check for the following logs for reporting point installation status. Both logs are under the SCCM logs file locations.

Srspsetup.log
Srsrpmsi.log

If your reporting point is installed on a remote server look for the logs in :

Drive: \SMS\Logs\

Open Monitor/Reporting/Reports node. Verify that your reports are listed

Open Internet Explorer, navigate to http://yourservername/Reports

If everything went well, you’ll have a folder Config_SiteCode containing your reports

If you check your SQL instance, you’ll see the 2 new database which were created by the installation.

Locate ReportServer and ReportServerTempDB

Happy reporting! 🙂

Part 15 – Software Update Point Installation

We will describe how to install SCCM Current Branch Software Update Point (SUP).

The SUP integrates with Windows Server Update Services (WSUS) to provide software updates to Configuration Manager clients.

This is not a mandatory Site System but your need to install a SUP if you’re planning to use SCCM as your patch management platform.

This Site System is a site-wide option. It’s supported to install this role on a Central Administration Site, child Primary Site, stand-alone Primary Site and Secondary Site.

When your hierarchy contains a Central Administration Site, install a Software Update Point and synchronizes with Windows Server Update Services (WSUS) before you install a SUP at any child’s Primary Site.

When you install a Software Update Point at a child Primary Site, configure it to synchronize with the SUP at the Central Administration Site.

Consider installing a SUP in Secondary Site when data transfer across the network is slow.

The WSUS Administration Console is required on the Configuration Manager site server when the software update point is on a remote site system server and WSUS is not already installed on the site server. The WSUS version on the site server must be the same as the WSUS version running on the software update points.

When using WSUS 3.0 (on server 2008, it was possible to install the console only). This has changed with 2012 and 2016. One way to do it is to add the Windows Software Update Services role and deselecting Database and WID Database. The problem is that will still cause some trouble with the post-install task.

The recommended way to do it :

Start PowerShell Console (as Administrator)
Run : Install-WindowsFeature -Name UpdateServices-Ui

This will install the console only and not run a post-install task.

WSUS Installation

Perform the following on the server that will host the SUP role.

Open Server Manager / Add Roles and Features
Select the Windows Server Update Services Role, click Next

Select WSUS Services and Database, click Next

Launch Windows Server Update Services from the Start Menu. You will be prompt with the following window :

On the DB instance , enter your server name
On Content directory path , use a drive with enough drive space. This is where your WSUS will store updates

When the WSUS Configuration Wizard starts, click Cancel

Under Databases, Right-click SUSDB, select Properties and click Files
Change Owner to SA
Change the Autogrowth value to 512MB, click Ok and close SQL MS

Software Update Point Installation

On the Site System Role tab, select Software Update Point, click Next

On the Software Update Point tab, select WSUS is configured to use ports 8530 and 8531, click Next

On the Proxy and Account Settings tab, specify your credentials if necessary, click Next

On the Synchronization Source tab, specify if you want to synchronize from Microsoft Update or an upstream source. Refer to the Site System Placement section if you’re unsure. For a stand-alone Primary Site, select Synchronize from Microsoft Update, click Next

On the Synchronization Schedule tab, check the Enable synchronization on a schedule checkbox and select your desired schedule. 1 day is usually enough but it can be lowered if you’re synchronizing Endpoint Protection definition files, click Next

On the Supersedence Rules tab, select Immediately expire a superseded software update, click Next

Full description on this Microsoft Support Article

On the Products tabs, select the products that you want to manage using SCCM, click Next

On the Languages tab, select the desired language, click Next

On the Summary tab, review your settings, click Next, wait for the setup to complete and click Close

ConfigMgrSetup\Logs\SUPSetup.log -Provides information about the software update point installation. When the software update point installation completes, Installation was successful is written to this log file
ConfigMgrSetup\Logs\WCM.log – Provides information about the software update point configuration and connecting to the WSUS server for subscribed update categories, classifications, and languages
ConfigMgrSetup\Logs\WSUSCtrl.log – Provides information about the configuration, database connectivity, and health of the WSUS server for the site
ConfigMgrSetup\Logs\Wsyncmgr.log – Provides information about the software updates synchronization process

Bonus link : I suggest that you read the excellent article written by Kent Agerlund on how to avoid what he calls the House of Cards

Part 16 – State Migration Point Installation

We will describe how to install SCCM Current Branch State Migration Point (SMP).

The State Migration Point stores user state data when a computer is migrated to a new operating system.

This is not a mandatory Site System but you need a State Migration Point if you plan to use the User State steps in your Task Sequence. These steps integrate with User State Migration Tools (USMT) to backup your user data before applying a new operating system to a computer.

The State Migration Point is a site-wide option. It’s supported to install this role on a child Primary Site, stand-alone Primary Site or Seconday Site. It’s not supported to install it on a Central Administration site.

The State Migration Point can be installed on the site server computer or on a remote computer. It can be co-located on a server that has the distribution point role.

SCCM State Migration Point Installation

On the Site System Role tab, select State Migration Point, click Next

Click the star icon, specify the folder where you want the data to be stored and how much space must be reserved on the drive
Specify the Deletion Policy. This is the delay to keep the data after a successful restore.
Enable Restore-Only mode if needed. Use this setting if you want your SMP to be in read-only mode. This is useful if you replace or decommission an existing SMP

On the Boundary Groups tab, add the boundary group that can access the State migration Point. If you add the role on a site system that already has the Distribution Point role, the boundary group of this DP will already be listed

ConfigMgrInstallationPath\Logs\ Smssmpsetup.log – Detailed State Migration Point Installation status
ConfigMgrInstallationPath\Logs\ Smpmsi.log – Provides information about the State Migration Point

If you have any error in the installation process refer to this post that explains the permission needed for the SMP to install correctly.

To store the user state data on a State Migration Point, you must create a package that contains the USMT source files. This package is specified when you add the Capture User State step to your task sequence.

If you don’t have this folder, it’s because you haven’t installed the USMT (included in Windows ADK) during your SCCM Installation
Copy the folder content in your Content Library (In my example D:\Sources\OSD\USMT )

Go to Software Library / Application Management / Packages
Right-click Packages and select Create a new package
Enter the Name, Manufacturer, Language
Check the This package contains source files check-box and specify your source folder ( D:\Sources\OSD\USMT)

On the Program Type tab, select Do not create a program and click Next

Complete the Create Package wizard

The State Migration Point and the USMT package are now ready for use in an OSD Task Sequence using the Capture User State and Restore User State steps.

Part 17 – System Health Validator Point

We will describe how to install SCCM Current Branch System Health Validator Point (SHVP).

The System Health Validator Point validates Configuration Manager Network Access Protection (NAP) policies.

This is not a mandatory site system but you need a System Health Validator Point if you plan to use NAP evaluation in your software update deployments. This site system integrates with an existing NAP server in your infrastructure.

The System Health Validator Point is a hierarchy-wide option. It’s supported to install this role on a Central Administration site, stand-alone Primary site, child Primary site. It’s not supported to install it on a Seconday site. The System Health Validator Point must be installed on a NAP health policy server.

On the Site System Role tab, select System Health Validator Point, click Next

There are no properties to configure for this site system role

ConfigMgrInstallationPath \Logs\ SMSSHVSetup.log – Detailed System Health Validator Point installation status

In order to enable Network Access Protection on your clients, you must configure your client settings :

Browse to Administration / Client Settings
Create a new client settings, select Network Access Protection on the left and choose Yes under Enable Network Access Protection on clients
Select the desired NAP re-evaluation schedule and click Ok

In case you’re used to NAP in SCCM 2007 and looking for a Network Access Protection node in the console, the 2012 version of NAP is slightly different.

From Technet :

The New Policies Wizard is no longer available to create a NAP policy for software updates: The Network Access Protection node in the Configuration Manager console and the New Policies Wizard are no longer available in System Center 2012 Configuration Manager. To create a NAP policy for software updates, you must select Enable NAP evaluation on the NAP Evaluation tab in software update properties.

Part 18 – Service Connection Point Installation

We will describe how to perform an SCCM Service Connection Point Installation. The Service Connection Point is a new site system role that serves several important functions for the SCCM hierarchy.

It might affect how you configure this site system role:

Manage mobile devices with Microsoft Intune – This role replaces the Windows Intune connector used by previous versions of SCCM, and can be configured with your Intune subscription details
Manage mobile devices with on-premises MDM – This role provides support for on-premises devices you manage that do not connect to the Internet
Upload usage data from your Configuration Manager infrastructure – You can control the level or amount of detail you upload
Download updates that apply to your Configuration Manager infrastructure – Only relevant updates for your infrastructure are made available, based on usage data you upload

Each hierarchy supports a single instance of this role . The site system role can only be installed at the top-tier site of your hierarchy (On a Central Administration Site or a stand-alone Primary Site).

The SCCM 1511 installation or upgrade wizard will ask to install the Service Connection Point. If you select to skip the role installation, you can manually add it to SCCM using the following steps.

Go to Administration / Site Configuration / Servers and Site System Roles
Right-click the Site System you wish to add the role
Click Add Site System Role in the Ribbon

On the General tab, click Next

On the Proxy tab, click Next

On the Site System Role tab, select Service Connection Point and click Next

In Online mode, the Service Connection Point automatically downloads updates that are available for your current infrastructure and product version, making them available in the SCCM console
In Offline mode, the Service Connection Point does not connect to the Microsoft cloud service and you must manually use the service connection tool when your Service Connection Point is in Offline mode to import available updates

On the Summary screen, wait for the setup to complete and close the wizard

ConnectorSetup.log – Information about role installation and that the Service Connection Point was created successfully

Now that all our site servers are installed, we are now ready to configure the various aspect of SCCM.

Part 19 – Plan and Configure Boundaries

We will start our configuration with the SCCM boundaries. First, let’s define what a boundary in SCCM is :

From Technet :

In MEMCM/SCCM, a boundary is a network location on the intranet that can contain one or more devices that you want to manage. Boundaries can be an IP subnet, Active Directory site name, IPv6 Prefix, or an IP address range, and the hierarchy can include any combination of these boundary types. To use a boundary, you must add the boundary to one or more boundary groups. Boundary groups are collections of boundaries. By using boundary groups, clients on the intranet can find an assigned site and locate content when they have to install software, such as applications, software updates, and operating system images. A boundary does not enable clients to be managed at the network location. To manage a client, the boundary must be a member of a boundary group. Simple Boundaries on do nothing, they must be added to one or more boundary groups in order to work.

A boundary group is self-explanatory, it’s a group of boundaries used for site assignment and for content location. Beginning with SCCM 2012 R2 SP1 , a boundary group can direct your clients to their Distribution Points for content, State Migration Point , Preferred Management Point and Software Update Point . Prior to R2 SP1, Content location is used by client to identify available Distribution Points or State Migration Point based on the client network location.

To resume :

Site Assignment boundary group associates a resource to a site
Content Location boundary group is used to retrieve its deployment content (applications, packages, images, etc)

Before designing your strategy, choose wisely on which boundary type to use.

If you’re unsure which boundary type to use, you can read Jason Sandys’s excellent post about why you shouldn’t use IP Subnet boundaries.

Microsoft recommends the following :

When designing your boundary strategy, we recommend using boundaries based on Active Directory sites before using other boundary types. If boundaries based on Active Directory sites are not an option, use IP subnet or IPv6 boundaries. If none of these options are available to you, then leverage IP address range boundaries. This is because the site evaluates boundary members periodically, and the query required to assess members of an IP address range requires a substantially larger use of SQL Server resources than queries that assess members of other boundary types.
It’s also recommended to split your Site Assignment and Content location group.

SCCM Current Branch supports overlapping boundary configurations for content location.

When a client requests content, and the client network location belongs to multiple boundary groups, Configuration Manager sends the client a list of all Distribution Points with the content.

This behaviour enables the client to select the nearest server from which to transfer the content or state migration information.

In our various SCCM installations, our clients are often confused about this topic. Let’s make an example to help you understand :

Contoso has 1000 clients
1 Primary Site (Montreal)
3 remote offices with their local Distribution Point (New York, Chicago, Los Angeles)
Active Directory Sites are based on their site subnets (MTL,NY,CHI,LA)

In that scenario, we need to create 4 Boundary, 1 for each office :

Go to Administration / Hierarchy Configuration / Boundary
Right-click Boundaries and select Create Boundary

Tip: If you have multiple Active Directory Sites, IP Ranges or Subnets, you can enable Active Directory Forest Discovery which can create them automatically

Create Boundary Group

Now, we’ll create a Site Assignment Boundary Group and add all those AD Site. That way, all my clients for my 4 locations will be assigned to my Montreal Primary Site. For Content Location, we want clients to get their content locally at their respective location. We will create 4 Content Boundary groups, add only their AD Site Boundary and assign their local Distribution Point.

Here’s how to make this happen in SCCM :

Go to Administration / Hierarchy Configuration / Boundary Groups
Right-click Boundary Groups and select Create Boundary Groups

Create Site Assignment Boundary Group

We’ll start by creating a group for Site Assignment : SA – MTL
Click the Add bouton on the bottom
On the Add Boundaries screen , select all boundaries. This will direct all my clients to the Primary Site located in Montreal for Site Assignment

On the References tab, check the Use this boundary group for site assignment box
Select your assigned site. In my case : MTL

We’ll name our group Content Location – MTL
Select only the MTL boundary
The MTL boundary will be listed

On the References tab, uncheck the Use this boundary group for site assignment box
Click on Add at the bottom
Select the Site System that host the Distribution Point role for the Montreal site. For our example DPMTL01

Repeat the steps for the other sites (New York, Chicago, Los Angeles)
Once completed our clients are assigned to their local respective Site Systems

This is a simple but typical scenario. You can have multiples boundaries and Site System in your Boundary Groups if needed.

Part 20 – Configure Client Settings

This part will explain how to create a custom SCCM client settings and how to deploy it.

Client settings are used to configure your deployed agents. This is where you decide any configuration like :

Enabling hardware inventory agent
Enabling power settings options
Enable cloud services
Set scan schedules
BITS throttling

In previous versions of SCCM, client settings were specific to the site. You had 1 client settings that applied to all your hierarchy. In SCCM you can specify clients setting at the collection level. You can have different settings for specific collections, overlapping settings are set using a priority setting.

When you modify the Default Client Settings , the settings are applied to all clients in the hierarchy automatically. You do not need to deploy the Default Client Settings to apply it. By default, it has a 10000 priority value (This is the lower priority). All other custom client settings can have a priority value of 1 to 9999 which will always override the Default Client Settings . (The higher Priority is 1).

We won’t explain each client’s settings and their descriptions. The Technet documentation is pretty clear and many of the client settings are self-explanatory. We cannot make any recommendations either as each environment has its own needs and limitations. If you have any questions concerning a specific setting, use the comment section and we’ll try to help you so you can make the right decision for your organization.

When you deploy a custom client settings, they override the Default Client Settings .

Before you begin, ensure that you created a collection that contains the devices that require these custom client settings.

For our blog post, we will set the Client Policy polling interval to 15 minutes.

Go to Administration / Client Settings
On the top ribbon, click Create Custom Client Device Settings

In the Create Custom Device Settings page, specify a name for the custom settings and description
Select one or more of the available settings. We will select Client Policy

On the left pane, Client Policy will be displayed, click on it
We will set the Client Policy polling interval to 15 minutes

Your newly created setting will be displayed in the console

When you create a new client setting, it automatically takes the next available priority. (Beginning with 1) Before deploying it, make sure that your priority is well set for your needs. A higher priority (1) will override any settings with a lower priority. (9999). Don’t get confused 1 is higher !

To change the priority number :

On the top ribbon, select your client settings and click Increase Priority or Decrease Priority

You can see each client settings priority and if they are deployed in the same section

Now that your client settings are created, you need to deploy it to a collection. This new client settings will apply to only this collection and depending on the priority, will override the settings.

Select the custom client settings that you have just created
On the top ribbon, click Deploy

In the Select Collection dialog box, select the collection that contains the devices to be configured with the custom settings, and then click Ok
You can verify the selected collection if you click the Deployments tab on the bottom of the console

Client computers will apply your custom settings when they download their next client policy. You can trigger it manually to speed up the process.

Manually on the client

In Control Panel , click on the Configuration Manager icon
In the Action tab, select Machine Policy Retrieval & Evaluation Cycle
Click Run now

Using the SCCM Console

To initiate client policy retrieval by using client notification (Configuration Manager SP1+ only)

In the SCCM console
Go to Assets and Compliance / Device Collections
Select the device collection containing the computers that you want to download policy
Right-click a single device or the whole collection and select Client Notification and then Download Computer Policy

It’s possible to see which client settings are applied to a specific client. You must use the Resultant Client Settings function in the SCCM console.

We already cover this in a previous article .

Part 21 – Configure Discovery Methods

After you completed your SCCM installation, you certainly want to start managing some systems. The effective way to add them in SCCM is to configure SCCM discovery methods. This blog article will explain the various discovery methods and will describe how to configure it.

Here’s the official discovery methods definition from Technet :

SCCM discovery methods identifies computer and user resources that you can manage by using Configuration Manager. It can also discover the network infrastructure in your environment. Discovery creates a discovery data record (DDR) for each discovered object and stores this information in the Configuration Manager database.

When discovery of a resource is successful, discovery puts information about the resource in a file that is referred to as a discovery data record (DDR). DDRs are in turn processed by site servers and entered into the Configuration Manager database where they are then replicated by database-replication with all sites. The replication makes discovery data available at each site in the hierarchy, regardless of where it was discovered or processed. You can use discovery information to create custom queries and collections that logically group resources for management tasks such as the assignment of custom client settings and software deployments. Computers must be discovered before you can use client push installation to install the Configuration Manager client on devices.

In simple words, it means that SCCM needs to discover a device before it can manage them. It’s not mandatory to discover computers, if you manually install the client, it will appear in the console and it can be managed. The problem is that if you have a thousand computers, it can be a fastidious process. By using Active Directory System Discovery, all your computers will be shown on the console, from there you can choose to install the client using various SCCM methods . Of course, if you need information about your users and groups, you need to configure User and Group discovery, it’s the only way to bring this information in SCCM.

There are 5 Types of Discovery Methods that can be configured. Each one targets a specific object type (Computers, Users, Groups, Active Directory) :

Discovers computers in your organization from specified locations in Active Directory. In order to push the SCCM client to the computers, the resources must be discovered first. You can specify to discover only computers that have logged on to the domain in a given period of time. This option is useful to exclude obsolete computer accounts from Active Directory. You also have the option to fetch custom Active Directory Attributes. This is useful if your organization store custom information in AD. You can read our blog post concerning this topic.

Go to Administration / Hierarchy Configuration / Discovery Methods
Right-Click Active Directory System Discovery and select Properties

On the General tab, you can enable the method by checking Enable Active Directory System Discovery
Click on the Star icon and select the Active Directory container that you want to include in the discovery process

A 7-day cycle with a 5 minutes delta interval is usually fine in most environment

This is useful if you have custom data in Active Directory that you want to use in SCCM

This is useful if your Active Directory isn’t clean. Use this to discover only good records

Discovers groups from specified locations in Active Directory. The discovery process discovers local, global or universal security groups. When you configure the Group discovery you have the option to discover the membership of distribution groups. With the Active Directory Group Discovery, you can also discover the computers that have logged in to the domain in a given period of time. Once discovered, you can use group information for example to create deployment based on Active Directory groups.

Be careful when configuring this method: If you discover a group that contains a computer object that is NOT discovered in Active Directory System Discovery, the computer will be discovered. If the automatic client push is enabled, this could lead to unwanted clients’ computers.

To discover resources using this method:

Right-Click Active Directory Group Discovery and select Properties

On the General tab, you can enable the method by checking Enable Active Directory Group Discovery
Remember : If you discover a group that contains a computer object that is NOT discovered in Active Directory System Discovery, the computer will be discovered.

The discovery process discovers user accounts from specified locations in Active Directory. You also have the option to fetch custom Active Directory Attributes. This is useful if your organization store custom information in AD about your users. Once discovered, you can use group information for example to create user-based deployment.

Right-Click Active Directory User Discovery and select Properties

On the General tab, you can enable the method by checking Enable Active Directory User Discovery

A 7-day cycle with a 5 minutes delta interval is usually fine in most environment.

Discovers Active Directory sites and subnets, and creates Configuration Manager boundaries for each site and subnet from the forests which have been configured for discovery. Using this discovery method you can automatically create the Active Directory or IP subnet boundaries that are within the discovered Active Directory Forests. This is very useful if you have multiple AD Site and Subnet, instead of creating them manually, use this method to do the job for you.

Right-Click Active Directory Forest Discovery and select Properties

On the General tab, you can enable the method by checking Enable Active Directory Forest Discovery
Select the desired options

Heartbeat Discovery runs on every client and to update their discovery records in the database. The records (Discovery Data Records) are sent to the Management Point in a specified duration of time. Heartbeat Discovery can force the discovery of a computer as a new resource record, or can repopulate the database record of a computer that was deleted from the database.

HeartBeat Discovery is enabled by default and is scheduled to run every 7 days.

Right-Click Heartbeat Discovery and select Properties

Make sure that this setting is enabled and that the schedule run less frequently than the Clear Install Flag maintenance task.

The Network Discovery searches your network infrastructure for network devices that have an IP address. It can search the domains, SNMP devices and DHCP servers to find the resources. It also discovers devices that might not be found by other discovery methods. This includes printers, routers, and bridges.

We won’t go into detail of this discovery method as it’s old and depreciated methods. We never saw any customers using this method in production.

Part 22 – Configure Maintenance Tasks

Each Configuration Manager site supports maintenance tasks that help maintain the operational efficiency of the site database. By default, several maintenance tasks are enabled in each site, and all tasks support independent schedules. Maintenance tasks are set up individually for each site and apply to the database at that site. However, some tasks, like Delete Aged Discovery Data , affect information that is available in all sites in a hierarchy.

To set up maintenance tasks for Configuration Manager :

Go to Administration / Site Configuration / Sites
On the Home tab, in the Settings group, choose Site Maintenance

To set up the task, choose Edit , ensure the Enable this task checkbox is checked and set up a schedule for when the task runs.

To enable or disable the task without editing the task properties, choose the Enable or Disable button. The button label changes depending on the current configuration of the task.

When you are finished configuring the maintenance tasks, choose OK to finish the procedure.

This topic lists details for each of the SCCM site maintenance tasks :

Backup Site Server : Use this task to prepare for the recovery of critical data. You can create a backup of your critical information to restore a site and the Configuration Manager database. For more information, see our next section that covers it.

Check Application Title with Inventory Information : Use this task to maintain consistency between software titles that are reported in the software inventory and software titles in the Asset Intelligence catalog. Central administration site : Enabled

Clear Install Flag : Use this task to remove the installed flag for clients that don’t submit a Heartbeat Discovery record during the Client Rediscovery period. The installed flag prevents automatic client push installation to a computer that might have an active Configuration Manager client.

Delete Aged Application Request Data : Use this task to delete aged application requests from the database.

Delete Aged Client Download History : Use this task to delete historical data about the download source used by clients.

Delete Aged Client Operations : Use this task to delete all aged data for client operations from the site database. For example, this includes data for aged or expired client notifications (like download requests for machine or user policy), and for Endpoint Protection (like requests by an administrative user for clients to run a scan or download updated definitions).

Delete Aged Client Presence History : Use this task to delete history information about the online status of clients (recorded by client notification) that is older than the specified time.

Delete Aged Cloud Management Gateway Traffic Data : Use this task to delete all aged data about the traffic that passes through the cloud management gateway from the site database. For example, this includes data about the number of requests, total request bytes, total response bytes, number of failed requests, and a maximum number of concurrent requests.

Delete Aged Collected Files : Use this task to delete aged information about collected files from the database. This task also deletes the collected files from the site server folder structure at the selected site. By default, the five most-recent copies of collected files are stored on the site server in the Inboxes\sinv.box\FileCol directory.

Delete Aged Computer Association Data : Use this task to delete aged Operating System Deployment computer association data from the database. This information is used as part of completing user state restores.

Delete Aged Delete Detection Data : Use this task to delete aged data from the database that has been created by Extraction Views. By default, Extraction Views are disabled. You only enable them by using the Configuration Manager SDK. Unless Extraction Views are enabled, there is no data for this task to delete.

Delete Aged Device Wipe Record : Use this task to delete aged data about mobile device wipe actions from the database.

Delete Aged Devices Managed by the Exchange Server Connector : Use this task to delete aged data about mobile devices that are managed by using the Exchange Server connector. This data is deleted according to the interval that is configured for the Ignore mobile devices that are inactive for more than (days) option on the Discovery tab of the Exchange Server connector properties.

Delete Aged Discovery Data : Use this task to delete aged discovery data from the database. This data can include records that result from heartbeat discovery, network discovery, and Active Directory Domain Services discovery methods (System, User, and Group). This task will also remove aged devices marked as decommissioned. When this task runs at a site, data associated with that site is deleted, and those changes replicate to other sites.

Delete Aged Distribution Point Usage Data : Use this task to delete from the database aged data for distribution points that has been stored longer than a specified time.

Delete Aged Endpoint Protection Health Status History Data : Use this task to delete aged status information for Endpoint Protection from the database.

Delete Aged Enrolled Devices : Beginning with the update for 1602, this task is disabled by default. You can use this task to delete from the site database the aged data about mobile devices that haven’t reported any information to the site for a specified time.

Delete Aged Inventory History : Use this task to delete inventory data that has been stored longer than a specified time from the database.

Delete Aged Log Data : Use this task to delete aged log data that is used for troubleshooting from the database. This data isn’t related to Configuration Manager component operations.

Delete Aged Notification Task History : Use this task to delete information about client notification tasks from the site database when it hasn’t been updated for a specified time.

Delete Aged Replication Summary Data : Use this task to delete aged replication summary data from the site database when it hasn’t been updated for a specified time.

Delete Aged Passcode Records : Use this task at the top-level site of your hierarchy to delete aged Passcode Reset data for Android and Windows Phone devices. Passcode Reset data is encrypted, but does include the PIN for devices. By default, this task is enabled and deletes data that is older than one day.

Delete Aged Replication Tracking Data : Use this task to delete aged data about database replication between Configuration Manager sites from the database. When you change the configuration of this maintenance task, the configuration applies to each applicable site in the hierarchy.

Delete Aged Software Metering Data : Use this task to delete aged data for software metering that has been stored longer than a specified time from the database.

Delete Aged Software Metering Summary Data : Use this task to delete aged summary data for software metering that has been stored longer than a specified time from the database.

Delete Aged Status Messages : Use this task to delete aged status message data as configured in status filter rules from the database.

Delete Aged Threat Data : Use this task to delete aged Endpoint Protection threat data that has been stored longer than a specified time from the database.

Delete Aged Unknown Computers : Use this task to delete information about unknown computers from the site database when it hasn’t been updated for a specified time.

Delete Aged User Device Affinity Data : Use this task to delete aged User Device Affinity data from the database.

Delete Aged CMPivot Results : Use this task to delete from the site database aged information from clients in CMPivot queries .

Delete Aged Cloud Management Gateway Traffic Data : Use this task to delete from the site database all aged data about the traffic that passes through the cloud management gateway . This data includes:

The number of requests
Total request bytes
Total response bytes
Number of failed requests
Maximum number of concurrent requests

Delete Expired MDM Bulk Enroll Package Records : Use this task to delete old Bulk Enrollment certificates and corresponding profiles after the enrollment certificate has expired.

Delete Inactive Client Discovery Data : Use this task to delete discovery data for inactive clients from the database. Clients are marked as inactive when the client is flagged as obsolete and by configurations that are made for client status.

This task operates only on resources that are Configuration Manager clients. It’s different than the Delete Aged Discovery Data task, which deletes any aged discovery data record. When this task runs at a site, it removes the data from the database at all sites in a hierarchy.

When it’s enabled, configure this task to run at an interval greater than the Heartbeat Discovery schedule. This enables active clients to send a Heartbeat Discovery record to mark their client record as active so this task doesn’t delete them.

Delete Obsolete Alerts : Use this task to delete expired alerts that have been stored longer than a specified time from the database.

Delete Obsolete Client Discovery Data : Use this task to delete obsolete client records from the database. A record that is marked as obsolete has usually been replaced by a newer record for the same client. The newer record becomes the client’s current record.

Delete Obsolete Forest Discovery Sites and Subnets : Use this task to delete data about Active Directory sites, subnets, and domains that haven’t been discovered by the Active Directory Forest Discovery method in the last 30 days. This removes the discovery data, but doesn’t affect boundaries that are created from this discovery data

Delete Orphaned Client Deployment State Records : Use this task to periodically purge the table that contains client deployment state information. This task will clean up records associated with obsolete or decommissioned devices.

Delete Unused Application Revisions : Use this task to delete application revisions that are no longer referenced.

Evaluate Collection Members : You configure the Collection Membership Evaluation as a site component.

Monitor Keys : Use this task to monitor the integrity of the Configuration Manager database primary keys. A primary key is a column (or a combination of columns) that uniquely identifies one row and distinguishes it from any other row in a Microsoft SQL Server database table.

Rebuild Indexes : Use this task to rebuild the Configuration Manager database indexes. An index is a database structure that is created on a database table to speed up data retrieval. For example, searching an indexed column is often much faster than searching a column that isn’t indexed.

Summarize Installed Software Data : Use this task to summarize the data for installed software from multiple records into one general record. Data summarization can compress the amount of data that is stored in the Configuration Manager database.

Summarize Software Metering File Usage Data : Use this task to summarize the data from multiple records for software metering file usage into one general record. Data summarization can compress the amount of data that is stored in the Configuration Manager database.

Summarize Software Metering Monthly Usage Data : Use this task to summarize the data from multiple records for software metering monthly usage into one general record. Data summarization can compress the amount of data that is stored in the Configuration Manager database.

Update Application Available Targeting : Use this task to have Configuration Manager recalculate the mapping of policy and application deployments to resources in collections. When you deploy policy or applications to a collection, Configuration Manager creates an initial mapping between the objects that you deploy and the collection members.

These mappings are stored in a table for quick reference. When a collections membership changes, these stored mappings are updated to reflect those changes. However, it’s possible for these mappings to fall out of sync. For example, if the site fails to properly process a notification file, that change might not be reflected in a change to the mappings. This task refreshes that mapping based on current collection membership.

Update Application Catalog Tables : Use this task to synchronize the Application Catalog website database cache with the latest application information. When you change the configuration of this maintenance task, the configuration applies to all primary sites in the hierarchy.

Part 23 – Backup your Server after SCCM Installation

In the last part of this SCCM Installation Guide, we will setup automation backup for Configuration Manager sites by scheduling the predefined Backup Site Server maintenance task. This task has the following features:

Runs on a schedule
Backs up the site database
Backs up specific registry keys
Backs up specific folders and files
Backs up the CD.Latest folder

Plan to run the default site backup task at a minimum of every five days. This schedule is because Configuration Manager uses a SQL Server change tracking retention period of five days.

To simplify the backup process, you can create an AfterBackup.bat file. This script automatically runs post-backup actions after the backup task completes successfully. Use the AfterBackup.bat file to archive the backup snapshot to a secure location. You can also use the AfterBackup.bat file to copy files to your backup folder, or to start other backup tasks.

Site backup status information is written to the Smsbkup.log file. This file is created in the destination folder that you specify in the properties of the Backup Site Server maintenance task.

Go to the Administration workspace, expand Site Configuration
Click Site Maintenance Tasks in the ribbon.
Select the Backup Site Server task, and click Edit .
Select the option to Enable this task . Click Set Paths to specify the backup destination. You have the following options:
Local drive on site server for site data and database : Specifies that the task stores the backup files for the site and site database in the specified path on the local disk drive of the site server. Create the local folder before the backup task runs. The Local System account on the site server must have Write NTFS file permissions to the local folder for the site server backup. The Local System account on the computer that’s running SQL Server must have Write NTFS permissions to the folder for the site database backup.
Network path (UNC name) for site data and database : Specifies that the task stores the backup files for the site and site database in the specified network path. Create the share before the backup task runs. The computer account of the site server must have Write NTFS and share permissions to the shared network folder. If SQL Server is installed on another computer, the computer account of the SQL Server must have the same permissions.
Local drives on site server and SQL Server : Specifies that the task stores the backup files for the site in the specified path on the local drive of the site server. The task stores the backup files for the site database in the specified path on the local drive of the site database server. Create the local folders before the backup task runs. The computer account of the site server must have Write NTFS permissions to the folder that you create on the site server. The computer account of the SQL Server must have Write NTFS permissions to the folder that you create on the site database server. This option is available only when the site database isn’t installed on the site server.
Go to the Component Status node of the Monitoring workspace. Review the status messages for SMS_SITE_BACKUP . When site backup completes successfully, you see message ID 5035 . This message indicates that the site backup completed without any errors.
When you configure the backup task to create an alert when it fails, look for backup failure alerts in the Alerts node of the Monitoring workspace.
Open Windows Explorer on the site server and browse to <ConfigMgrInstallationFolder>\Logs . Review Smsbkup.log for warnings and errors. When site backup completes successfully, the log shows Backup completed with message ID STATMSG: ID=5035 .

It’s also possible to backup your SCCM server using SQL Maintenance task. The biggest advantage of this method is that it offers compression. Please read this blog post if you prefer this method. Be aware that this backup method doesn’t backup the CD.Latest folder which is important. You could also have both backup methods enabled if needed.

System Center Dudes offers numerous configurations guides and custom reports to ease your Configuration Manager day-to-day operations.

Consult our product page to see the complete list.

That conclude this SCCM Installation Guide, we hope that it was hepful. Feel free to leave your comment in the section below.

Only authorized users can leave comments

haverland389

Jonathan Lefebvre

Daniel Schindler

Two days ago, Microsoft had an outage affecting Intune AutoPilot Pre-Provisionning. Users...

SCCM can be used to deploy packages and applications on multiple computers. But as with any other...

Microsoft has released the first SCCM version for 2024 as the release cadence is now reduced to 2...

Please fill out the form, and one of our representatives will contact you in Less Than 24 Hours . We are open from Monday to Friday .

Consulting Services

Reports and Guides

I'm interested in working with you

Consulting services and time banks are used for generic requests. All others are fixed-price plans.

Thank you for your request. You will receive an email with more details. Take note that we normally work from Monday to Friday. We will get in touch with you as soon as possible.

Thank for your reply!

Something went wrong!

Elektrostal

City in moscow oblast, russia / from wikipedia, the free encyclopedia, dear wikiwand ai, let's keep it short by simply answering these key questions:.

Can you list the top facts and stats about Elektrostal?

Summarize this article for a 10 year old

Yekaterinburg
Novosibirsk
Vladivostok

Tours to Russia
Practicalities
Russia in Lists

Rusmania • Deep into Russia

Out of the Centre

Savvino-storozhevsky monastery and museum.

Zvenigorod's most famous sight is the Savvino-Storozhevsky Monastery, which was founded in 1398 by the monk Savva from the Troitse-Sergieva Lavra, at the invitation and with the support of Prince Yury Dmitrievich of Zvenigorod. Savva was later canonised as St Sabbas (Savva) of Storozhev. The monastery late flourished under the reign of Tsar Alexis, who chose the monastery as his family church and often went on pilgrimage there and made lots of donations to it. Most of the monastery’s buildings date from this time. The monastery is heavily fortified with thick walls and six towers, the most impressive of which is the Krasny Tower which also serves as the eastern entrance. The monastery was closed in 1918 and only reopened in 1995. In 1998 Patriarch Alexius II took part in a service to return the relics of St Sabbas to the monastery. Today the monastery has the status of a stauropegic monastery, which is second in status to a lavra. In addition to being a working monastery, it also holds the Zvenigorod Historical, Architectural and Art Museum.

Belfry and Neighbouring Churches

Located near the main entrance is the monastery's belfry which is perhaps the calling card of the monastery due to its uniqueness. It was built in the 1650s and the St Sergius of Radonezh’s Church was opened on the middle tier in the mid-17th century, although it was originally dedicated to the Trinity. The belfry's 35-tonne Great Bladgovestny Bell fell in 1941 and was only restored and returned in 2003. Attached to the belfry is a large refectory and the Transfiguration Church, both of which were built on the orders of Tsar Alexis in the 1650s.

To the left of the belfry is another, smaller, refectory which is attached to the Trinity Gate-Church, which was also constructed in the 1650s on the orders of Tsar Alexis who made it his own family church. The church is elaborately decorated with colourful trims and underneath the archway is a beautiful 19th century fresco.

Nativity of Virgin Mary Cathedral

The Nativity of Virgin Mary Cathedral is the oldest building in the monastery and among the oldest buildings in the Moscow Region. It was built between 1404 and 1405 during the lifetime of St Sabbas and using the funds of Prince Yury of Zvenigorod. The white-stone cathedral is a standard four-pillar design with a single golden dome. After the death of St Sabbas he was interred in the cathedral and a new altar dedicated to him was added.

Under the reign of Tsar Alexis the cathedral was decorated with frescoes by Stepan Ryazanets, some of which remain today. Tsar Alexis also presented the cathedral with a five-tier iconostasis, the top row of icons have been preserved.

Tsaritsa's Chambers

The Nativity of Virgin Mary Cathedral is located between the Tsaritsa's Chambers of the left and the Palace of Tsar Alexis on the right. The Tsaritsa's Chambers were built in the mid-17th century for the wife of Tsar Alexey - Tsaritsa Maria Ilinichna Miloskavskaya. The design of the building is influenced by the ancient Russian architectural style. Is prettier than the Tsar's chambers opposite, being red in colour with elaborately decorated window frames and entrance.

At present the Tsaritsa's Chambers houses the Zvenigorod Historical, Architectural and Art Museum. Among its displays is an accurate recreation of the interior of a noble lady's chambers including furniture, decorations and a decorated tiled oven, and an exhibition on the history of Zvenigorod and the monastery.

Palace of Tsar Alexis

The Palace of Tsar Alexis was built in the 1650s and is now one of the best surviving examples of non-religious architecture of that era. It was built especially for Tsar Alexis who often visited the monastery on religious pilgrimages. Its most striking feature is its pretty row of nine chimney spouts which resemble towers.

Plan your next trip to Russia

Ready-to-book tours.

Your holiday in Russia starts here. Choose and book your tour to Russia.

REQUEST A CUSTOMISED TRIP

Looking for something unique? Create the trip of your dreams with the help of our experts.

Top Stories More News
Today's National Outlook
Hurricane Tracker
Snow & Ski Forecast
Cold & Flu
Allergy Forecast
Fire Updates
Traffic Cameras
Weather Cameras
Outdoor Sports Guide

This browser is no longer supported.

Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.

New-CMSchedule

Create a Configuration Manager schedule token.

Description

The New-CMSchedule cmdlet creates a schedule token in Configuration Manager. Create schedule tokens to schedule events with differing frequencies such as daily, weekly, and monthly.

To decode and encode schedule tokens into and from an interval string, use the Convert-CMSchedule cmdlet. You can then use the interval strings to set schedule properties when you define or modify Configuration Manager objects.

Run Configuration Manager cmdlets from the Configuration Manager site drive, for example PS XYZ:\> . For more information, see getting started .

Example 1: Create a schedule token

This command creates a schedule token that specifies that the event occurs on the last day of the month at the specified date and time (Wednesday, August 5, 2020 17:46:03 Pacific Daylight Time).

Example 2: Create an offset schedule

The following example creates the following schedule:

Starts on the current date
On the second Monday of the month
Recurs once

Example 3: Create a schedule to run daily

This example creates a simple schedule that occurs daily forever. You can use this type of schedule when you deploy a configuration baseline.

Prompts you for confirmation before running the cmdlet.

-DayOfMonth

Specifies the day of the month when the event occurs. Valid values range from 0 through 31. The default value is 0 , which indicates the last day of the month.

Specifies the day of the week when the event occurs.

-DisableWildcardHandling

This parameter treats wildcard characters as literal character values. You can't combine it with ForceWildcardHandling .

-DurationCount

Specifies the number of days during which the scheduled event occurs. Valid values range from 0 through 31. The default value is 0 , which indicates that the scheduled action continues indefinitely.

-DurationInterval

Specifies the time when the event occurs.

Specifies the date and time when the scheduled event ends.

-ForceWildcardHandling

This parameter processes wildcard characters and may lead to unexpected behavior (not recommended). You can't combine it with DisableWildcardHandling .

Indicates that the time is Coordinated Universal Time (UTC).

-LastDayOfMonth

Indicates that the event occurs monthly on the last day of the month.

-Nonrecurring

Indicates that the scheduled event doesn't recur.

Use this parameter to configure an offset such as monthly by weekday. The range for parameter OffsetDays is 7 days.

-RecurCount

Specifies the number of recurrences of the scheduled event.

-RecurInterval

Specifies the time when the scheduled event recurs.

-ScheduleString

Indicates that the schedule token is converted to an interval string.

Specifies the date and time when the scheduled event occurs.

Specifies the week of the month when the event occurs. The default value is Last (0).

Shows what would happen if the cmdlet runs. The cmdlet doesn't run.

IResultObject

System.String

Additional resources

IMAGES

How to Deploy SCCM Updates?
Deploy Windows Server 2019 using SCCM Task Sequence
Pushing HP BIOS settings and updates with SCCM
SCCM Application Deployment
Deploy Windows Server 2019 using SCCM Task Sequence
Allow users to run the program independently of assignments sccm

VIDEO

smiling critters poppy playtime #4 memes tiktok compilation
How to Program Lexus Homelink
Morning Worship
India vs South Africa Live Match Kaise Dekhe
RCRT 1310 Community Program Assignment
Gym program assignment

COMMENTS

Deploy a task sequence
Applies to: Configuration Manager (current branch) ... Assignment schedule: For a Required deployment, specify when the client runs the task sequence. You can add multiple schedules. The assignment schedule can have one of the following configurations: ... Allow user to run the program independently of assignments: Specify whether a user can ...
Reoccurring deployment using assignment schedule : r/SCCM
I'm trying to create a re-occurring deployment, but am having some issues and just wanted to make sure I understand the deployment settings available. Basically, I'm trying to create a deployment that will run each night 1:00AM-4:00AM with WOL enabled. Can this be accomplished using the traditional Available/Expire assignment schedule.
How Deployment Deadlines Work in SCCM for Software Updates and ADRs
ADRs are used to accomplish the following tasks automatically: Filter out Software Updates according to a set amount of criteria from the database. Add the filtered out Software Updates to a Software Update Group. Download the Software Updates to a Deployment Package. Deploy the Software Update Group to a collection.
Controlling Program Deployment Execution Time
Controlling Program Deployment Execution Time. In System Center Configuration Manager (ConfigMgr) 2007 and beyond, the time that a program for a required deployment is enforced (or run) by the client is generally thought to be the assignment schedule time (s) defined within the deployment. As discussed in my Recurring Advertisements post, this ...
SCCM Program Package Assignment Schedule : r/sysadmin
SCCM Program Package Assignment Schedule. Hello there everyone, so I am not sure if what I am trying to do is possible, so I thought I throw it in the wild and see if I get anything. I have created a package using the PowerShell AppDeploy Toolkit and in SCCM it will run " Occurs the Second Tuesday of every 2 months " The Rerun behavior will be ...
Get ready for deployment
Applies to: Configuration Manager (current branch) Use the information in the following topics when you're ready to start planning your Configuration Manager deployment: Design a hierarchy of sites for Configuration Manager. Fundamentals of role-based administration for Configuration Manager. Fundamental concepts for content management.
Create SCCM Windows 10 Task Sequence
Open the SCCM Console. Go to Software Library \ Operating Systems \ Task Sequences. Right-click Task Sequences and select Create Task Sequence. On the Task Sequence wizard, select Install an existing image package. On the Task Sequence Information pane, enter the desired Name, Description and Boot Image. On the Install Windows pane, select the ...
Deploying Applications Using SCCM
The steps to create and deploy Applications using SCCM include. Launch the SCCM console. Select Software Library, Under Application Management select Applications. Right click Applications and select Create Application. Deploying Applications Using SCCM. Select Automatically detect information .. and choose the type as Windows Installer (Native ...
Run a Configuration Manager Package / Program at every logon for a user
To have the Program execute for every logon you need to have a reoccurring schedule for the Package in addition to the "Log on" option, so we added a Monthly reoccurring schedule as seen below. Deployment Options with Log on and Reoccurring schedule. Now, every time a user logs on to the Computer the Program is executed.
SCCM Updating Package source and Rerun Behaviour
1. I have a package which contains a login script which I update from time to time. I do some changes in the script then I do a "Update Distribution Points", which increments the "Source version" of the package. In the adverisement I have set the schedule as a Mandantory assignment and "As soon as Possible". The "Program rerun behavior" is set ...
Application deployment scheduling : r/SCCM
9 yr. ago. You already got your answer, but I also want to point out that you should be aware of time zone selection. IIRC, you can only specify local time for device collection deployments. We always need to make sure to add 4-5 hours depending on DST to user collection deployments to compensate.
New-CMTaskSequenceDeployment (ConfigurationManager)
Description. The New-CMTaskSequenceDeployment cmdlet creates a task sequence deployment. A task sequence deployment assigns a task sequence to a collection of computers. Run Configuration Manager cmdlets from the Configuration Manager site drive, for example PS XYZ:\>. For more information, see getting started.
ConfigMgr Program Rerun Behavior
If we use the results from above, specifically that the client maintained the status of the last program execution, it is logical to conclude that the program will not rerun because it already ran for the schedule in the advert. Let's find out. Remove from and Re-add to Collection: Always Re-run. Notice it starts with the policy being deleted ...
scripting
You can configure a Program to run "Only when a user is logged on" "Run with administrative rights" in the "Environment" properties of the program and to "Run once for every user who logs on" in the "Advanced" settings. Then in the deployment "Scheduling" settings create an assignment and choose "Assign immediately after this event" "Log on ...
Complete SCCM / MECM Installation Guide and Configuration
If you select to skip the role installation, you can manually add it to SCCM using the following steps. Go to Administration / Site Configuration / Servers and Site System Roles. Right-click the Site System you wish to add the role. Click Add Site System Role in the Ribbon. On the General tab, click Next.
File:Coat of Arms of Elektrostal (Moscow oblast).svg
Main page; Contents; Current events; Random article; About Wikipedia; Contact us; Donate; Pages for logged out editors learn more
Elektrostal
Elektrostal , lit: Electric and Сталь , lit: Steel) is a city in Moscow Oblast, Russia, located 58 kilometers east of Moscow. Population: 155,196 ; 146,294 ...
New-CMPackageDeployment (ConfigurationManager)
A schedule object defines the mandatory assignment schedule for a deployment. To create a schedule object, use the New-CMSchedule cmdlet. Type: IResultObject [] Position: ... This type is for computers with the Configuration Manager client. If the program for the package that you're deploying is a device-type program, use the DeviceProgram ...
Savvino-Storozhevsky Monastery and Museum
Zvenigorod's most famous sight is the Savvino-Storozhevsky Monastery, which was founded in 1398 by the monk Savva from the Troitse-Sergieva Lavra, at the invitation and with the support of Prince Yury Dmitrievich of Zvenigorod. Savva was later canonised as St Sabbas (Savva) of Storozhev. The monastery late flourished under the reign of Tsar ...
Moscow, Moskovskaya oblast', RU
Outdoor Sports Guide. Plan you week with the help of our 10-day weather forecasts and weekend weather predictions for Moscow, Moskovskaya oblast', RU.
Federal Register, Volume 89 Issue 91 (Thursday, May 9, 2024)
[Federal Register Volume 89, Number 91 (Thursday, May 9, 2024)] [Rules and Regulations] [Pages 40066-40195] From the Federal Register Online via the Government Publishing Office [www.gpo.gov] [FR Doc No: 2024-09237] [[Page 40065]] Vol. 89 Thursday, No. 91 May 9, 2024 Part IV Department of Health and Human Services ----- 45 CFR Part 84 Nondiscrimination on the Basis of Disability in Programs or ...
New-CMSchedule (ConfigurationManager)
Description. The New-CMSchedule cmdlet creates a schedule token in Configuration Manager. Create schedule tokens to schedule events with differing frequencies such as daily, weekly, and monthly. To decode and encode schedule tokens into and from an interval string, use the Convert-CMSchedule cmdlet. You can then use the interval strings to set ...