Your browser (Internet Explorer 6) is out of date. It has known security flaws and may not display all features of this and other websites. Learn how to update your browser.

Configuration Manager 2012: Searching the TechNet Documentation

It can certainly be challenging at times to find what you need in the massive reference known as TechNet.  The search box that is provided searches all of TechNet, not just the section you happen to be in, which is unfortunate. However, thanks to Carol Bailey (Principal Technical Writer for ConfigMgr) there are a few nifty search strings you can use to help narrow down your results.  I’ve been using these for a little bit now and they work really really well for me.

Search the Configuration Manager Documentation Library

Find information online from the Documentation Library for System Center 2012 Configuration Manager.

This customized Bing query scopes your search so that you see results from the Documentation Library for System Center 2012 Configuration Manager only. It uses the search text Configuration Manager, which you can replace in the search bar with your own search string or strings, and choice of search operators, to help you narrow the search results.

Example Searches

Use the Find information online link and customize the search by using the following examples.

· Single search string: To search for topics that contain the search string Endpoint Protection, replace Configuration Manager with Endpoint Protection:

("Endpoint Protection") meta:search.MSCategory(gg682056)

· Combining search strings: To search for topics that contain the search strings Endpoint Protection and monitoring, use the AND operator:

("Endpoint Protection") AND ("monitoring") meta:search.MSCategory(gg682056)

· Alternative search strings: To search for topics that contain the search string Endpoint Protection or monitoring, use the OR operator:

("Endpoint Protection" OR "monitoring") meta:search.MSCategory(gg682056)

· Exclude search strings: To search for topics that contain the search string Endpoint Protection and exclude topics about monitoring, use the NOT operator:

("Endpoint Protection)" NOT ("monitoring") meta:search.MSCategory(gg682056)

Search Tips

Use the following search tips to help you find the information that you need:

· When you search on a page in TechNet (for example, press Ctrl-F1, and enter search terms in the Find box), the results exclude text that is in collapsed sections. If you are using TechNet in Classic view, before you search on the page, click Expand All at the top of the page, before the topic title. By default, you must first click Collapse All, and then you can click Expand All. With all sections expanded, search on the page can then search all sections on that page. If you are using TechNet in Lightweight view, this configuration does not support the Expand All option and you must manually expand individual sections that are collapsed before search on the page finds text in those sections.


To change from TechNet Lightweight view (the default) to Classic view, click the Preferences icon at the top of the page, click Classic, and then click OK.

· To search a topic in the help file, press F1, and enter search terms in the Find dialog box. The help file does not support the Expand All option and you must manually expand individual sections that are collapsed before search on the page finds text in those sections.

· Whenever possible, use the TechNet online library rather than downloaded documentation. TechNet contains the most up-to-date information and the information that you are searching for might not be in the downloaded documentation or there might be corrections or additional information online.


MDT 2012 Beta 2 Released


MDT 2012 Beta 2 Released – The Deployment Guys – Site Home – TechNet Blogs

The latest version of MDT is now available on Connect (Join the MDT 2012 Beta 2 Connect program here!)

MDT 2012 Beta 2 offers new User-Driven Installation components and extensibility for Configuration Manager 2007 and Configuration Manager 2012 as well as integration with the Microsoft Diagnostics and Recovery Toolkit (DaRT) for Lite Touch Installation remote control and diagnostics.

Key benefits include:

  • Full use of the capabilities provided by System Center Configuration Manager 2012 for OS deployment.
  • Improved Lite Touch user experience and functionality.
  • A smooth and simple upgrade process for all existing MDT users.

New features For System Center Configuration Manager customers:

  • Support for Configuration Manager 2012 (while still supporting Configuration Manager 2007)
  • New User-Driven Installation components for Configuration Manager 2007 and Configuration Manager 2012
    • Extensible wizard and designer, additional integration with Configuration Manager to deliver a more customized OS experience, support for more imaging scenarios, and an enhanced end-user deployment experience
  • Ability to migrate MDT 2012 task sequences from Configuration Manager 2007 to Configuration Manager 2012

New features For Lite Touch Installation:

  • Integration with the Microsoft Diagnostics and Recovery Toolkit (DaRT) for remote control and diagnostics
  • New monitoring capabilities to see the progress of currently running deployments
  • Support for deploying Windows to computers using UEFI
  • Ability to deploy Windows 7 so that the computer will start from a new VHD file, “Deploy to VHD”
  • Improved deployment wizard user experience

MDT 2012 Beta 2 will be available for beta download through to January 2012.  

Already using the Microsoft Deployment Toolkit? the MDT team would like to hear about your experiences. Please send comments and suggestions to

This post was contributed by Richard Smith, a Principal Consultant with Microsoft Services UK


Automatically populate the SCCM Client Patch property during OSD

One of my previous posts has been incredibly popular.  I worked with Michael Murgolo on testing a great ConfigMgr hotfix that would automatically apply hotfixes during a ConfigMgr OSD Task Sequence. 

Matt Benninge has created a new version of the hotfix script with some very nice feature adds.  Matt added the following features:

  • Hotfixes are installed in order based one numbers. So my script installs KB2000 after KB98 where Michael’s would do the opposite.
  • I always assume that the OS-disk will end up as C:, Michael’s script would not work if you had a Bitlocker partition during WinPE that was C: and OS as D: which then would become C: only after system had booted into “full OS”.
  • You have the ability to exclude hotfixes with my script
  • Limitation: The Hotfixes must all be located in a folder starting with “KB”, if this is not true that hotfix will be ignored.

My original post on how to install still holds true, and Matt has a post on how to use the script and some of his new features posted here.


Getting more into DVD Media Based Deployment

Great post over on The Deployment Guys

Read the full post here.

One of the great features of MDT 2010/2012 is the ability to create a media based deployment  – this media based deployment can be placed on a USB based memory device (HDD or Fob) or onto a DVD. This allows the MDT based deployment to run from this removable media which is great for badly connected environments or portable build requirements.

Many customers I work with like to use DVD media based deployment as MDT 2012/2012  automatically creates a .ISO file that can be burnt to DVD and in most cases this gives them up to 8.5 GB on a dual layer DVD – it’s also a cheap deployment mechanism. However there are some occasions where this amount of DVD space just isn’t enough and a combination of image size and MDT distribution share content pushes the requirement for storage over the limit of the DVD. You could at this point switch to using USB based devices or you can read on and use the solution discussed in this post.


Known Issue and Workaround: Duplicate Records When You Use Unknown Computer Support with Active Directory Delta-Discovery

Really great post over on the System Center Configuration Manager Team Blog.

Read the full post here.

This post describes how and when you might see duplicate records when you use unknown computer support with Active Directory Delta-Discovery in Configuration Manager 2007 R3, what problems you might see, and some suggested workarounds.

Unknown computer support is an operating system deployment feature that was introduced in Configuration Manager 2007 R2.  It allows you to find unmanaged computers so that you can install an operating system on them, and optionally, install the Configuration Manager client: Active Directory Delta Discovery is a new feature in Configuration Manager 2007 R3 that enhances the discovery capabilities of the product by discovering only new or changed resources in Active Directory Domain Services instead of performing a full discovery cycle:

If you use these two features at the same time, you might see duplicate records for the unknown computer in Configuration Manager database.  In this scenario, you will see two records in the Configuration Manager console that have the same name of the computer that installed an operating system by using unknown computer support: One record shows that it is a client and assigned; the other record shows that it is not a client and not assigned.


Setting Environment Variables in a Task Sequence

Michael Murgolo has a nice post over on The Deployment Guys blog.

Read the full and download the example script here.

Some tools require setting an environment variable when they are used.  For example, the User State Migration Tool has several that can be used for troubleshooting.  One is discussed in the Ask the Directory Services Team blog post here.  Unfortunately, the built-in MDT or ConfigMgr Task Sequence steps for capturing and restoring the user state don’t allow you to set environment variables.

Trying to set the environment variable using a script in a preceding step will not work.  If you set an environment variable in the script (e.g. using the SET command in a command shell script) it will only be set for that script.  The task sequencer parent process will not inherit the environment variable, so neither will subsequent steps.  Setting a System (or master) environment variable will have the same issue.  The task sequencer will not inherit the new master environment.   However, if you restart the computer after setting the System environment variable then task sequencer will inherit the updated System environment variables.

So the process for using an environment variable with something like USMT is to have steps before the steps that run the tool (the user state capture and restore steps in this case) that set the variable in the System environment and then restart the computer.  This is shown in the steps prefixed with Custom: in the sample MDT Lite Touch Task Sequence below.



Message Box Script for Lite Touch Task Sequences

Michael Murgolo has a new post over on The Deployment Guys Blog.

Read the full post here.

I recently had the need to pop up a message box duing an LTI task sequence.  I was creating a stand-alone wizard to allow a manually-initiated launch of a task sequence that would install the Service Pack 1 update on Windows Server 2008 R2.  As part of this task sequence, if a certain software package was of a certain version or earlier we had to reinstall this software after the service pack installation.  If this installation was not going to happen because a newer version was already installed, the customer wanted to notify the technician at the end of the process.  Since this was to be a simple notification, a message box was sufficient.  I could have simply created a VBScript that had a static MsgBox function call for this purpose.

However, I decided that I would make it more reusable than that.  Instead I created an MDT script that would take the input arguments for the the MsgBox function as command line parameters.  That way the script could be reused any time a message box was needed.  The script can also optionally use the MsgBox return value as the script exit code and/or use it as the value for a task sequence variable.


This post was contributed by Michael Murgolo, a Senior Consultant with Microsoft Services – U.S. East Region


System Center Updates Publisher 2011 Screencasts


Back To Basics 5: Restricting Task Sequence Usage

Great post over on The Deployment Guys by Daniel Oxley.

Read the full post here.

This post was contributed by Daniel Oxley, a Senior Consultant with Microsoft Services UK

Often the simplest tips are the best ones, so here is one I have been using pretty much ever since I started working with MDT.

When working as part of a team in the same MDT environment, you can often run into issues when various people are modifying the task sequence, or debugging a process that is part of it. My own method to mitigate this issue is to fork the "official" task sequence, creating my own one, in order to separately realise testing or to simply try something out, before feeding changes back into the main task sequence.

The downside to this method is that, by forking the task sequence, the new forked one also appears in the list of task sequences and thus allows somebody to accidentally run it, possibly causing undesired results to their computer (such as formatting it!). Therefore, in order to prevent this situation, I always introduce some simple validation tasks into the task sequence, typically right at the start. These validation steps perform a simple query to check if a computer is "authorised" to run the task sequence or not. My authorisation method is usually based on the MAC address of the computer, but it really can be any value that you like.

The best thing about this tip is it’s simplicity. As you can see in the screenshot below, it only consists of two tasks (the Gather task is actually only required if you have not already run a previous Gather task), and a Run Command Line task. You’ll notice that the command line is incorrect. This is intentional and not an error, and if MDT attempts to run this command line it will fail the task sequence execution.

Here are the steps I use to implement this:

  1. Create a new Task Sequence Group called "Authorised Computer Verification".
  2. Add a Gather task (if necessary).
  3. Add a Run Command Line task, with a command line like the one shown above.
  4. On this same task, switch to the "Options" Tab. On this screen you can add your own personalised conditions, or use the same MAC address conditions that I have used, as shown below.

Notice that the condition is actually a negative. Consequently, when a computer runs the task sequence, this task will only execute if the MAC address of the computer does not match one that is in the list. And because the command line of the task is erroneous, MDT will fail at this point, thus preventing the unknown, or unauthorised, computer from continuing.

When working with MDT and Configuration Manager, you could restrict use of a task sequence by only advertising it to a collection built using direct membership. However, there might be situations where you can’t or don’t want to use this collection method. This tip works equally well in a ZTI environment if you wish to use it that way, however you might need to add an additional "Use Toolkit Package" task before the Gather step.

Finally, there are other methods to achieve the same result, such as using the CustomSettings.ini file; the reason I do it this way is because its implementation is so quick and simple.


Migrating User Settings from Office 2003 to a Sequenced Version of Office 2010 running under App-V

Richard Smith has a nice post over on The Deployment Guys blog. 

Read the full post here.

Scenario1 – The Office Only Upgrade

You work in the IT department for large organisation which has an Standard Operating Environment (SOE) based on Windows XP and Office 2003. This is still a fairly common (although thankfully dying) situation. Your organisation is looking to upgrade to Office 2010, however there are some considerations. How do you know you’ve identified all critical Office files and checked their compatibility? Are you aware of every Office add-in being used in your environment? In order to proceed, you decide to leverage your investment in Software Assurance and MDOP, using App-V to deploy Office 2010 along side Office 2003. This will allow your users to get to know Office 2010 and identify any potential compatibility issues, without taking away their existing productivity suite. If something doesn’t work, you can instruct your users to simply keep editing that particular spreadsheet in Excel 2003 until the issue is resolved. This approach will also help you to support your  users adjustments to the change(s), by allowing them access to Office 2003 ‘just in case’.

Scenario 2 – The Windows 7 and Office 2010 Upgrade

OK, say you now work in the IT department for a different large organisation. Unfortunately, like in the first scenario, this company still has an SOE based on Windows XP and Office 2003. However this time you have the IT Director on your side and he/she is keen as mustard to upgrade the whole fleet to Windows 7 and Office 2010. Your organisation has a large number of sites, with varied desktop requirements, so you will need to deploy a light-weight, flexible SOE. You once again decide to leverage your investment in Software Assurance and MDOP. This time you can create a base Windows 7 image without any Microsoft Office products installed (as this will save you a few gigs in your WIM). You sequence Office 2010 using App-V with the intention of streaming the applications only to those PC’s that require them. Things are looking good… your department stands to realise significant savings from reduced software licenses, you have a flexible and efficient SOE ready to go…. the IT Director will be pleased…. maybe it’s time to ask for a pay rise?

So… do either of these scenarios sound familiar? If you’ve gone down these paths you’ve likely been faced with the challenge of migration settings from Office 2003. Take App-V out of the equation and this is a fairly straight forward concept, Office 2010 applications will migrate settings from previous versions the first time they launch… simple. With Office delivered through App-V however it’s a very different story. Sequence Office 2010 either by following the guidance on TechNet, or by using the new Package Accelerator (cool) and you’ll find that none of your user settings get migrated. Essentially, there are 2 reasons for this. First, during the sequencing process, we launch various Office applications a number of times. As such, when the applications launch for the first time on the user’s computer under App-V, they don’t exhibit their normal ‘first run’ behaviour, as it was performed already during sequencing. Second, even if the Office applications tried to perform their ‘first run’ actions, they wouldn’t be able to see the registry keys containing Office 2003 user settings, as these would be overridden by the Office 2010 information in the virtual registry.

In this post I will explain the steps required to deploy Office 2010 using App-V, in a manner that allows each user’s Office 2003 settings to be migrated across. To avoid re-inventing the wheel, I’m going to assume you are already familiar with the Microsoft Office Customization Tool (OCT), which we’ll use as part of the solution. If you haven’t used OCT before, I’d suggest take a look at this TechNet article, which has plenty of technical details and videos. I’m also going to assume that you are familiar with sequencing App-V packages, specifically Office 2010. Microsoft provide some fairly explicit guidance in this TechNet article. OK, let’s make this happen!! This solution is essentially a big ‘’Jedi Mind Trick’ (These aren’t the registry keys you’re looking for). We need to trick the sequenced version of Office 2010 into behaving the way we want. We need to trick it into thinking that Office 2003 was previously installed so it will attempt to migrate settings at ‘first run’. We also need to trick it into thinking that it has never launched before, even though it has, during the sequencing process.