
Downloading the latest System Center Endpoint Protection (SCEP) Definitions using PowerShell


SCCM Guru Webcast Q&A Answers


Sorry for the delay on this everyone. Here is the Q&A from my recent webcast.

Answers are from the following people:

Chris Nackers = CN

Ron Crumbaker = RC


Q: What’s the size of a standard boot image (145-180 MB)?

RC: 142MB out of the box

CN: 32-bit – 120MB, ConfigMgr base 132MB; 64-bit – 141MB, ConfigMgr base 153MB

Q: So, for boot images… why not just use one 64-bit image instead of using a 32-bit?

CN: 64-bit only supports the deployment of 64-bit OS’s, 32-bit will support the deployment of both 32-bit and 64-bit OS’s

Q: I have a Dell I deployed via OSD that has an ATI display adapter. It ended up with the Intel Integrated Graphics Adapter applications (igfxtray.exe, hkcmd.exe, igfxpers.exe) listed in startup in msconfig though it’s using the ATI driver. Seen this happen?

CN: Hard to answer without seeing how the TS is configured, off the top of my head, I could see a bad driver being injected via PNP, or if you had a driver package, it injected incorrect drivers as we will inject everything in the driver package. Or another possible issue is the result of a program/application being installed during the Task Sequence that caused the issue.

Q: Can the application mapping also automatically add the workstation to the SCCM Collection for the application?

CN: None of the methods I covered (MDT/UDI) have a mechanism to do this.

Q: In the ideal scenario obviously the smaller the boot image the better, but what would he consider a reasonable boot image size for a 20-model environment?

RC: You just don’t want it to be 500MB if you don’t need the drivers. Keep it as small as possible to get the right drivers.

RC: For 20 greatly different models, then you might be around 150MB or so.

CN: I would expect somewhere in the neighborhood of 3-5 drivers added to the boot image to support 2-3 vendors and approximately 20 models.

Q: Mine is 137MB and I don’t know if it’s worth the trouble to change to save 2 seconds.

RC: That’s a good size.

CN: Yup, it’s a good size already, so unless you have needless added drivers I wouldn’t worry about it too much. Again, part of the reason for testing drivers is so that you don’t have drivers injected that you don’t need.

Q: Do you know of a good driver that works for Broadcom 57xx NetXtreme cards during the OSD OS installer package?

(I pinged Johan for this one because I knew he would know it off the top of his head)

Johan Arwidmark: For HP servers with the Broadcom NetXtreme I use this driver for WinPE: cp013481, and this driver for Windows: cp014607

Q: Does application mapping support wild cards for the display name?

CN: Yup, see this post:

Q: What is the best way to handle the "odd ball" application that very few people use once in a blue moon? Right now we struggle determining whether to load it by hand or make a package and do all that jazz that goes with it.

RC: I personally prefer all software to come from ConfigMgr, that way you don’t get stuck needing to quickly get it deployed. Plus it is reproducible.

CN: Agreed, if you have everything else already packaged, then I would spend the time getting the odd-balls packaged as well. If you still have a large list of applications that need to be packaged, then I would consider the odd-ball to be a lower priority. Or you can take the approach of dealing with it as it comes along; you have to start somewhere on getting things managed and imported into ConfigMgr.

Q: Does User Device Affinity and Applications deployed to users bring some different things to the table now?

CN: That could be a long answer if we really got into it. The short answer is for the methods we talked about in the webcast, MDT application mapping and UDI application mapping, UDA doesn’t really play a part since those mappings are done on a machine basis. UDA is supported by a ConfigMgr 2012 Task Sequence though, but the mapping methods aren’t hooked into UDA at all.

Q: How do you keep your reference WIM image current with security patches?

RC: Offline servicing is AMAZING!

CN: If you are using ConfigMgr 2012, then offline servicing is your best friend. If you are not on ConfigMgr 2012, then we would hope you have a build and capture task sequence, so it’s still an automated process and you just need to spin off another image while you go to lunch.

Q: Chris, to deploy (select) an app in UDI with CM, did you say you must have a deployment for that application existing already?

CN: In order to add an Application to the UDI wizard, it must be deployed to the collection you have configured in the UDI Wizard Designer.

Q: When we PXE boot we get a TFTP access violation error. Do we need to set up TFTP on the same server? We have TFTP set up on another server.

CN: Here is by far the best troubleshooting guide I’ve seen for ConfigMgr PXE issues: TechNet Blog – Troubleshooting PXE

Q: Thanks so much guys. I did get to clean up our boot image based on some of the things you pointed out. Someone had even added a few wireless drivers at some point to our image. LOL. Now our small boot image is even smaller. Thanks again.

CN: Yeah, I don’t think you’ll need wireless drivers, but you are not alone, I’ve seen that a few times before!


Modifying the LiteTouch Wizard in MDT 2010 – Sample 1

Our friend The Deployment Bunny has a fantastic post up over on his blog about modifying the default MDT wizard. He’s got some great examples of how to modify the wizard using the Wizard Editor.

Be sure to read his entire post here.

When I was working for a customer a while ago, they asked me if it was possible to modify the Wizard in MDT and of course I answered yes, since that is possible. They wanted many things, and in this post I will cover the easy stuff, and that is reading from the existing environment and presenting it on screen during the deployment…

The requirements were pretty easy, something like…

-Could you help us to create an extra page in the wizard that will help the local tech to be able to see and verify that everything is correct when he is deploying the machine?

-You mean something like this?


-Yes, that would be ok, thank you.


USMT 4.0, Hardlink and Bitlocker in SCCM OSD

Michael Petersen has a really nice post on USMT 4, Hardlink and Bitlocker over on his blog.

Read his full post here.

I’m often asked if it’s possible to use the USMT 4.0 hardlinking (keep the backup files on the OS disk) in combination with Bitlocker..

I guess the reason for the question is that one might think:

  • How can I do a backup of a machine, keep the files on the encrypted drive, and then be able to reinstall that same drive with a new OS, gaining access to the backup that was on the encrypted drive?
  • How do I stage WinPE on the Bitlocked disk, and then gain access to that same disk for the OS installation part when inside WinPE? Or at least something like that?

The thing is, that not only is it possible, it will also save you the time it takes to encrypt the drive again, because, even though a new OS is applied to the disk, the encryption is still in effect…


Fix: Unable to delete the OSDStateStorePath folder in an OSD Task Sequence using USMT 4.0 with Hard Links in ConfigMgr 2007

Read the original post here, contributed by:

Clifton Hughes | Senior System Center Support Engineer

When using Hard Links for User State Migration, attempting to remove the OSDStateStorePath folder after restoring the users data in a Task Sequence may fail or appear to hang.

Note: This is in reference to the steps listed in this article:

The command .\%PROCESSOR_ARCHITECTURE%\usmtutils.exe /rd %OSDStateStorePath% may appear to hang unless you configure a timeout value on the Run Command Line step, and/or it may fail with one of the following errors or warnings depending on how the Task Sequence Advertisement is configured.

SMSTS.log may show one of the following errors or warnings:

Warning: This command is going to delete the following list of path(s).
Please review before continuing…
Are you sure you want to proceed (Y/N)?

If you do not configure a timeout value, the step hangs at this point: the command is waiting for user input, but the prompt is never visible, so there is no way to answer it and continue.

Or, if you configure a timeout value on the Run Command Line step, you may see this error in the SMSTS.log

This operation returned because the timeout period expired. (Error: 800705B4; Source: Windows)

The amount of detail you see in the log will also depend on how you have configured the Advertisement for the Task Sequence. If the Advertisement is configured to Download content locally when needed by running the task sequence (commonly referred to as Download and run locally) then you will not see as much detail on the command line being run. However, if you select Access content directly from a distribution point when needed by the running task sequence (commonly referred to as Run from DP), then you will get more details on the command line being run, and it may show the prompt "Are you sure you want to proceed (Y/N)?" in the SMSTS.log. If you tried adding the cmd.exe /c echo Y | in front of the command and still try to use the Run from DP option, the command will fail with a Path not found error.


There are two things we are trying to overcome with this issue when running the USMTUTILS.EXE command from a ConfigMgr 2007 OS Deployment Task Sequence:

1. This command requires user input in order to delete the OSDStateStorePath folder and does not seem to support any command line switches to bypass this prompt.

2. Although we are able to use the echo command to pass the Y for yes to the command line step using cmd.exe /c echo Y | "command", this will only work if the Advertisement is configured to Download content locally when needed by the running task sequence (commonly referred to as Download and run locally). If you select Access content directly from a distribution point when needed by the running task sequence (commonly referred to as Run from DP) this step will fail. This is because the echo command we need to pass is a built-in command of the command interpreter, cmd.exe, which is why we must specify cmd.exe /c at the beginning of the command line; cmd.exe is not present in the package on the DP.


Note: This will only work if the Advertisement is configured to Download content locally when needed by the running task sequence (commonly referred to as Download and run locally). If you select Access content directly from a distribution point when needed by the running task sequence (commonly referred to as Run from DP) this step will fail. This is because the echo command we need to pass is a built-in command of the command interpreter, cmd.exe. We must specify cmd.exe /c at the beginning of the command line since cmd.exe is not present in the package on the DP.

NOTE: Data Loss Warning: do not select Continue on error on the Restore User Files and Settings step! It is also important not to select “Continue on error” on the Options tab, or “Continue if some files cannot be restored” on the “Properties” tab of the “Restore User Files and Settings” task sequence step. Selecting these options will allow the next task sequence step to delete the User Files and Settings even if they were not successfully restored.

This resolution assumes you have already successfully configured and tested an OS Deployment with ConfigMgr 2007 SP2 using Hard Links with USMT 4.0. If not, follow the steps to configure the OSDStateStorePath, OSDMigrateAdditionalCaptureOptions, and OSDMigrateAdditionalRestoreOptions variables for using Hard Links with USMT 4.0 in ConfigMgr 2007 SP2:

To add a step that should successfully remove the User State folder after the User Files and Settings are restored, follow these steps:

1. In the Task Sequence Editor, after the Restore User State step, click Add, navigate to General, and then click Run Command Line.

2. Type the following in the Command line field:

cmd.exe /c echo Y | ".\%PROCESSOR_ARCHITECTURE%\usmtutils.exe" /rd "%OSDStateStorePath%"

3. Select the Package check box.

4. In the Select a Package dialog box, browse to the USMT 4.0 package, and then click OK.

Although we are able to use the echo command to pass the Y for yes to the command line step using the command line step:

cmd.exe /c echo Y | ".\%PROCESSOR_ARCHITECTURE%\usmtutils.exe" /rd "%OSDStateStorePath%"
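The same two problems the KB describes, an interactive Y/N prompt with no switch to suppress it and a step that hangs without a timeout, can be handled explicitly in a script. The following PowerShell function is an added example and is not part of the KB article or of USMT; it pipes the answer to usmtutils.exe on standard input (the same effect as the cmd.exe /c echo Y | prefix), enforces its own timeout, and reports whether the folder actually went away. The USMT root folder, the state store path, and the timeout value are assumptions for illustration.

```powershell
# Added example (not from the KB article above): run "usmtutils.exe /rd" non-interactively.
# Assumes $UsmtRoot holds the usual x86\ and amd64\ subfolders of the USMT 4.0 package.

function Remove-UsmtStateStore {
    param(
        [Parameter(Mandatory = $true)] [string] $UsmtRoot,        # folder containing <arch>\usmtutils.exe
        [Parameter(Mandatory = $true)] [string] $StateStorePath,  # the value of %OSDStateStorePath%
        [int] $TimeoutSeconds = 600                               # assumed; tune to your largest store
    )

    # Same path selection as the KB command line: .\%PROCESSOR_ARCHITECTURE%\usmtutils.exe
    $exe = Join-Path $UsmtRoot "$env:PROCESSOR_ARCHITECTURE\usmtutils.exe"
    if (-not (Test-Path $exe)) { throw "usmtutils.exe not found at $exe" }

    # Nothing to do if the store is already gone (e.g. the step is being re-run)
    if (-not (Test-Path $StateStorePath)) {
        return New-Object PSObject -Property @{
            Path = $StateStorePath; ExitCode = 0; TimedOut = $false; Deleted = $true
        }
    }

    $psi = New-Object System.Diagnostics.ProcessStartInfo
    $psi.FileName              = $exe
    $psi.Arguments             = "/rd `"$StateStorePath`""
    $psi.UseShellExecute       = $false
    $psi.RedirectStandardInput = $true      # lets us answer "Are you sure you want to proceed (Y/N)?"
    $psi.CreateNoWindow        = $true

    $proc = [System.Diagnostics.Process]::Start($psi)
    $proc.StandardInput.WriteLine('Y')      # equivalent of "cmd.exe /c echo Y |"
    $proc.StandardInput.Close()

    # Never wait forever: this is the explicit version of the step's timeout value
    $finished = $proc.WaitForExit($TimeoutSeconds * 1000)
    if (-not $finished) {
        $proc.Kill()
        return New-Object PSObject -Property @{
            Path = $StateStorePath; ExitCode = $null; TimedOut = $true; Deleted = (-not (Test-Path $StateStorePath))
        }
    }

    New-Object PSObject -Property @{
        Path     = $StateStorePath
        ExitCode = $proc.ExitCode
        TimedOut = $false
        Deleted  = (-not (Test-Path $StateStorePath))   # the check that matters, not just the exit code
    }
}

# Usage from within a running task sequence: read the variable through the TS environment
# COM object rather than relying on %OSDStateStorePath% being expanded for you.
# $ts = New-Object -ComObject Microsoft.SMS.TSEnvironment
# Remove-UsmtStateStore -UsmtRoot 'C:\_SMSTaskSequence\USMT' -StateStorePath $ts.Value('OSDStateStorePath')
```

Because the script talks to usmtutils.exe directly, it does not depend on cmd.exe being present in the package, which is the reason the echo-based command line fails under the Run from DP option. The Deleted flag is worth acting on: a non-zero exit code or a folder that is still present after the call should fail the step rather than be silently ignored, for the same data-loss reason the KB gives for not enabling Continue on error.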


Core Configurator 2.0 for Server 2008 R2

Another colleague sent a link for this a while back and I’ve been meaning to blog about it for quite some time.

Download the tool and read the original post here.

We are pleased to announce the latest version of Core Configurator built and designed for Windows Server 2008 R2 x64 Core edition!

It is completely open source so it can be amended and changed to fit your requirements. This version has been a year in the making and has been written in PowerShell with a reference to WinForms so that a GUI is displayed.

The primary focus of this project is to try and get feedback and contributions back from the community to make this the best free tool everyone will want in their toolkit, so if you have some code or features that you might want included then please leave a comment and we will get in touch.

Core Configuration tasks include:

  • Product Licensing
  • Networking Features
  • DCPromo Tool
  • ISCSI Settings
  • Server Roles and Features
  • User and Group Permissions
  • Share Creation and Deletion
  • Dynamic Firewall settings
  • Display | Screensaver Settings
  • Add & Remove Drivers
  • Proxy settings
  • Windows Updates (Including WSUS)
  • Multipath I/O
  • Hyper-V including virtual machine thumbnails
  • JoinDomain and Computer rename
  • Add/remove programs
  • Services
  • WinRM
  • Complete logging of all commands executed



PowerEvents for Windows PowerShell

What is PowerEvents?

PowerEvents is a Windows PowerShell v2.0 module designed to facilitate the ease of creating, updating, and deleting WMI (Windows Management Instrumentation) permanent event registrations. PowerEvents makes it easy to create WMI event filters (define the events you want to capture) and event consumers (responders to events), and then bind them together to initiate the flow of events. By leveraging permanent event registrations, you can perform advanced monitoring functions on a workstation or server, that would otherwise require implementation of an enterprise monitoring product. Because WMI is incredibly vast in the information it provides, very detailed monitoring can be performed using almost any of the WMI objects that exist on a computer.

What are WMI Permanent Event Registrations?

A little-known capability of the WMI service is its ability to create a permanent registration (listener) for events and then automatically respond to those events. At a very basic level it’s "if X happens, do Y", but in this case it’s all built into WMI, without the need for any additional software.

What Can I Monitor with PowerEvents?

WMI contains a vast amount of information about the Windows operating system, the hardware underneath it, and applications that extend WMI.
Here are a very few examples of events that you can monitor in WMI:

  • Microsoft Active Directory
    • Changes in group policy configuration on GP clients
    • Users created or deleted
    • Computer accounts moved
  • Microsoft System Center Configuration Manager
    • Package created, deleted, or modified
    • Advertisement created, deleted, or modified
    • Collection created, deleted, or modified
  • Monitor Disk Events
    • USB flash (UFD) or eSATA drive plugged in or removed
    • Detect shrink or expansion of partitions
  • Monitor Processes
    • Start/stop events
    • Change in process priority
    • Working set (memory utilization) increase/decrease or exceeds "X" value
    • I/O operations increase or exceed a certain value
  • Windows Services
    • Start / stop events
    • New service installed or removed
    • Service start type changed
  • Device changes
    • Detect addition or removal of devices
  • Print jobs
    • Detect new job or finished job
    • Changes in job status
  • Software & Patches
    • Software installed or removed
    • New patches installed
  • Operating System
    • New reliability records created
    • New game registered with Windows 7 Games Explorer
  • User Events
    • User logon / logoff
    • User attributes
  • Network
    • IP address changed
    • Default gateway changed
    • Network adapter added or removed
    • Server Message Block (SMB) session created or ended
  • ODBC Data Sources
    • Created or removed
    • Driver installed
    • Configuration changed
  • Threads
    • Creation or termination
    • Thread state changes
  • Microsoft Distributed File System (DFS)
    • Last replication time changes
    • Errors during replication
    • Volume serial # changes

Why Should I use PowerEvents?

Because it’s awesome! In all reality, the capabilities of this module are quite vast, only limited by the information available in WMI. Because many applications extend WMI through WMI providers, these can be not just managed, but also extensively monitored. Additionally, the Windows operating system itself makes extensive use of WMI to provide system information to applications. Through this, you can discover and monitor almost anything you’d want to know about your workstation or server!

  • Microsoft Active Directory (AD)
  • Distributed FileSystem (DFS)
  • Microsoft DNS
  • System Center Configuration Manager (SCCM or ConfigMgr)
  • Internet Information Services (IIS) 6 / 7
  • Windows XP / Vista / 7
  • Windows Server 2003 / 2008 / 2008 R2

About the Author
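The three pieces the module description names, an event filter, an event consumer, and the binding that joins them, are plain WMI classes in the root\subscription namespace. The following PowerShell is an added example written with the built-in WMI cmdlets rather than the PowerEvents module’s own commands; it is not code from the module or from its author. It registers a permanent subscription that logs every change to a Windows service’s start type (one of the "Windows Services" items in the list above), then enumerates every subscription on the machine so you can confirm that only the ones you created are present, and finally shows how to remove it cleanly. The subscription name and log file path are assumptions; the session must be elevated.

```powershell
# Added example (not part of PowerEvents): a permanent WMI event registration using
# the native cmdlets, plus an audit of what is registered. Names and paths are assumed.

$Namespace = 'root\subscription'
$LogPath   = 'C:\Windows\Temp\ServiceStartModeChanges.log'   # assumed log location

function New-ServiceStartModeWatcher {
    param([string]$Name = 'ExampleServiceStartModeWatch')

    # 1. Filter: which events to capture. Polls every 10 s for Win32_Service instances
    #    whose StartMode differs from the previous snapshot.
    $filter = Set-WmiInstance -Namespace $Namespace -Class __EventFilter -Arguments @{
        Name           = $Name
        EventNamespace = 'root\cimv2'
        QueryLanguage  = 'WQL'
        Query          = "SELECT * FROM __InstanceModificationEvent WITHIN 10 " +
                         "WHERE TargetInstance ISA 'Win32_Service' " +
                         "AND TargetInstance.StartMode <> PreviousInstance.StartMode"
    }

    # 2. Consumer: what to do. LogFileEventConsumer appends one templated line per event;
    #    the %...% tokens are filled in by WMI from the event's properties.
    $consumer = Set-WmiInstance -Namespace $Namespace -Class LogFileEventConsumer -Arguments @{
        Name     = $Name
        Filename = $LogPath
        Text     = 'Service %TargetInstance.Name% start type changed from ' +
                   '%PreviousInstance.StartMode% to %TargetInstance.StartMode%'
    }

    # 3. Binding: ties filter to consumer. The registration is live, and persists across
    #    reboots, from this point on.
    Set-WmiInstance -Namespace $Namespace -Class __FilterToConsumerBinding -Arguments @{
        Filter   = $filter
        Consumer = $consumer
    } | Out-Null
}

function Get-WmiPermanentSubscription {
    # Lists every binding with its filter query and consumer class. Run this periodically:
    # permanent subscriptions run as SYSTEM and survive reboots, so any entry you did not
    # create yourself deserves a closer look.
    Get-WmiObject -Namespace $Namespace -Class __FilterToConsumerBinding | ForEach-Object {
        # Filter/Consumer are reference strings such as  __EventFilter.Name="X"
        $fName = [regex]::Match($_.Filter,   'Name="([^"]+)"').Groups[1].Value
        $cRef  = [regex]::Match($_.Consumer, '(\w+)\.Name="([^"]+)"')
        $f = Get-WmiObject -Namespace $Namespace -Class __EventFilter -Filter "Name='$fName'"
        $c = Get-WmiObject -Namespace $Namespace -Class $cRef.Groups[1].Value `
                           -Filter "Name='$($cRef.Groups[2].Value)'"
        New-Object PSObject -Property @{
            Filter        = $fName
            Query         = $f.Query
            ConsumerClass = $cRef.Groups[1].Value
            Consumer      = $c.Name
        }
    }
}

function Remove-ServiceStartModeWatcher {
    param([string]$Name = 'ExampleServiceStartModeWatch')
    # Remove the binding first, then consumer and filter, so nothing is left dangling
    Get-WmiObject -Namespace $Namespace -Class __FilterToConsumerBinding |
        Where-Object { $_.Filter -match "Name=`"$Name`"" } | Remove-WmiObject
    Get-WmiObject -Namespace $Namespace -Class LogFileEventConsumer -Filter "Name='$Name'" | Remove-WmiObject
    Get-WmiObject -Namespace $Namespace -Class __EventFilter        -Filter "Name='$Name'" | Remove-WmiObject
}

New-ServiceStartModeWatcher
Get-WmiPermanentSubscription | Format-Table Filter, ConsumerClass, Consumer, Query -AutoSize
```

A LogFileEventConsumer is used here because it is the least privileged of the standard consumers for a monitoring task: it writes text and nothing else. The same filter could just as well be bound to the script or command-line consumers the module also supports, which is exactly why the audit function matters; the registrations are not visible in Services or Task Scheduler, and the root\subscription namespace is the only place they show up.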

Trevor Sullivan has 7 years of experience in the Information Technology field, and has worked primarily with Microsoft products such as Active Directory, Group Policy, System Center Configuration Manager 2007, Microsoft Deployment Toolkit (MDT) 2010, VBScript, Windows PowerShell, and C#/.NET. Trevor is passionate about sharing with the community, and is an active community participant in a variety of mailing lists, forums, blogging, Twitter (@pcgeek86), and other social media outlets.

Follow Trevor on Twitter:
Trevor’s Blog (Art of Shell):
Trevor’s Blog (WordPress):


Configuration Manager (ConfigMgr) Branch Distribution Point (BDP) Creation Tool

I just found out about this tool from a colleague this week. Very cool tool, definitely something to look at if you are creating a lot of BDPs.

ConfigMgr Branch DP Add

BDPAdd is a tool that will bulk add protected branch distribution points to a ConfigMgr 2007 (SCCM) hierarchy. There is currently not a way, in the ConfigMgr console, to add multiple protected Branch distribution points at once. This tool attempts to address that problem. (Note: The tool could be easily modified, if needed, to add unprotected branch DPs. I needed protected Branch DPs though, so that’s what I wrote this for.)

This tool was written in C# and requires the .NET Framework 2.0.

Running the tool

BDPAdd.exe /s {central site server} /file {excel file} /log {path}

/s Central Site Server name.
/file Path to the Excel file.
/log Log file path.

  • The input for this tool is an Excel 2003 spreadsheet and there are some requirements for the format of this spreadsheet. Review the example spreadsheet, bdpexample.xls, attached. Any deviation from this will either produce errors or unexpected results.
  • All output from this tool is written to the log file only. (The Trace utility from the ConfigMgr toolkit can be used to view the log.)