[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More







Systems Center Configuration Manager (SCCM, formerly known as Systems Management Server) is Microsoft’s system software for managing large groups of not only Microsoft computers, but those running other operating systems, such as Linux, OS-X, and various mobile technologies.

Share tech news, updates, or what's on your mind.

Sign up to Post

I would like to know how to manage patch management (eg. a group of servers with different flavours of operating system).
Also how to re-check updates after the first patch of updates have been installed.
Also how to force check back to reporting services to gain accurate result if they are compliant or not.
Python 3 Fundamentals
LVL 12
Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

Hello all,we are trying to add collection parameter for sccm report. How can i achieve this.regards
Hi All,

I need Microsoft System Configuration Center Manager (SCCM) 2007 installation package but I can't find it anywhere.
Does it anyone have the SCCM 2007 please?

George Gabra
Hi Team,

We have recently implemented a new sccm infrastructure with a primary site and a secondary site (for the branch location). Boundary groups are created with IP subnets / AD site and associated with appropriate sccm sites. The system discovery works fine, the secondary site clients are assigned with the secondary site code during discovery and the clients which comes under primary site are assigned with primary site code. As it is a testing phase we have not enabled automatic client deployment.

The issue is when we do client push to the clients assigned with secondary site (or manually initiated a client push from the secondary site), it fails with the below errors during the BITS download -
BG error context is 5
Download Update: A recoverable error has occurred.  A retry attempt will be made. Error: 0x80072f76, Description The requested header was not found, Context: The error occurred while the remote file was being processed.." .
I have checked the ccmsetup.log file in the client machine and confirmed that it detects correct MP and DP (secondary site).

When we manually select the primary site and push the client to the same station (discovered by the secondary site code), it works fine. Also, during the installation it detects the secondary site as DP and fetches the required installation files via BITS from the secondary site servers. It uses the primary site server only to copy the initial files like mobileclient.tcf and ccmsetup.exe. In this case …
Hi all! I'm having an issue with our SCCM Current Branch server when it comes to downloading updates. I am a new Network Engineer so any help would be greatly appreciated.

Situation: So I have a software Update Group already created with what updates I want it to download. When I try to download those updates I get the error as seen in the attachment.

So what can I do to help resolve this issue?
PXE Issue on SCCM Distribution Point. I have an SCCM working fine, but now when were trying to do a image deployment, but it fails. Seems to be related to this error:
I am currently with Ivanti formally known as Shavlik patch management.  My 3 year is about to expire, what I was paying for 3 years is now what I will have to pay for 1 year so we can not continue with Ivanti.   Does anyone have any recommendations on a patch management system that has a reasonably  price structure?

Dump question, I need to update .NET on Windows 10 machines using SCCM, but when I look under "All Software Updates" and do a search for .NET I am only seeing a bunch of .NET updates for Win7, 8, and Server OS's, nothing for Windows 10. Windows 10 is one of the products that is highlighted under my environment and I can see all the normal security, critical, rollups, etc for Win 10. Am I missing something? Are .NET updates under a different classification for Win 10?

Thanks in advance,
I am using SCCM 1806. there is a secondary server which has around 13k objects to manage

each boundary group has its own DP so that client systems need not be download the contents from sec server

on boundary group relationship I have set never fall back to sec server default group for content

still some clients download the data from secondary site. total size of the data for 7 days is 1567GB. some of the clients has downloaded 8 to 10 GB from secondary site. can some one help me to understand the root cause of this?
Tying to install Office 2019 Applications through SCCM using latest features Click to Run. I was able to do a fresh install of Office 365 with Visio and Project on my test machine. Following on that test machine, I un-installed the Visio and Project and then installed visio 2016 manually. so as a test run I am trying to only upgrade visio2016 to visio219 using the same Click to run configuration but when I choose do not uninstall anything and then try to install the visio2019, click to run complaints that "Can't install, to install this first uninstall the following product(s) and try again"

I am wondering why?
Become a Certified Penetration Testing Engineer
LVL 12
Become a Certified Penetration Testing Engineer

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

We want to deply v1809 images, and we need to upgrade MDT/ADK to v1809.  We also have WDS / SCCM in our environment.     We use MDT with SCCM.  
We create a reference image(Golden image) on MDT and put it into SCCM.

I know I have to  download
-- Windows 10 1809 Assessment and Deployment Kit (ADK)
-- Windows PE add-on for the ADK
-- Microsoft Deployment Toolkit (8450)

Does anything have to be done on the WDS server or the SCCM server?


We have installed  MDT  6.3.8450 on Windows 2012 server and there are few issues  and would like to uninstall Windows Assessment and deployment Kit - Windows 10 and reinstall.

On the control panel when i click Uninstall , it says uninstalling features and  and hangs on 0%  and there is no progress on uninstall..
Please let me know as how to uninstall this  and reinstall successfully.

Is there any uninstall utility?

Any help will be great and thanks in advance
Hello Experts,

I’ve inherited the duties of SCCM administrator for our organization.  The problem with this is I don’t know anything about SCCM.  Here is a summary of our environment:
- We have two domains on one subnet.  The first domain is agency.myco.com and the second domain is mycoed.com.
- The primary SCCM server is running SCCM 2012 R2 SP1 - This server is named "MyCo-SMS2K12.agency.myco.com"
- There is one site in our SCCM environment - Site name is "SC1"
- We have a distribution point in a second domain - This server is named "MyCo-ED-SMS.mycoed.com"

When I look in SCCM Manager, I see the six servers in the mycoed.com domain.  I'm guessing they were found during a network discovery process.  However, SCCM Manager does not show these servers as having the sccm agent installed on them.  When I log into the servers, the agent is installed on them.  On the general tab of the configuration manager properties page, I see the following:
   Assigned management point:  MyCo-ED-SMS.mycoed.com
   Client certificate:  Self-Signed  
   Connection type:  Currently intranet
   Site code:  SMS:SC1
   Unique identifier:  GUID:xxxxxxxx-xxxxxx...
   Version 5.008239.1403

My questions are:

I think the servers in the mycoed.com domain communicate with the distribution/management point in that domain (which is MyCo-Ed-SMS.mycoed.com).  MyCo-ED-SMS.mycoed.com then reports in with the main SCCM server (which is MyCo-SMS2K12.agency.myco.com).  Is this correct?  If so, …
I have WSUS running on a ConfigMgr server, and ConfigMgr is currently patching clients and servers through ADR's. We're in the process of removing our servers from ConfigMgr management due to costs, clients will remain within ConfigMgr.

My question is, can I use the existing WSUS feature to patch the servers via GPO's? I ask because with ConfigMgr, you basically install WSUS and then don't touch it again. All patch management is done within ConfigMgr. I'm concerned that approving updates within WSUS might start to break things for ConfigMgr.
Deploying Windows 10 via SCCM. At the very end, we are (successfully) enabling BitLocker. The problem is the Data Recovery Agent certificate is NOT getting installed.

The computer is joined to the domain very early in the TS. There are multiple reboots along the way (OS updates, software installs).

I've confirmed the proper GPO is enabled for the OU the computers are dropped into when they're joined to the domain.

I've confirmed the computer's recovery key IS getting uploaded to AD.

What we see on a Windows 7 computer with BitLocker enabled and "TPM and PIN":

      H:\>manage-bde c: -status
      BitLocker Drive Encryption: Configuration Tool version 6.1.7601
      Copyright (C) Microsoft Corporation. All rights reserved.
      Volume C: [OSPart]
      [OS Volume]
          Size:                 232.59 GB
          BitLocker Version:    Windows 7
          Conversion Status:    Fully Encrypted
          Percentage Encrypted: 100%
          Encryption Method:    AES 128 with Diffuser
          Protection Status:    Protection On
          Lock Status:          Unlocked
          Identification Field: xxx
          Key Protectors:
              Numerical Password
              TPM And PIN
              Data Recovery Agent (Certificate Based)

What we see on Windows 10 with similar encryption setup:

      C:\WINDOWS\system32>manage-bde c: -status
      BitLocker Drive Encryption: Configuration Tool version 10.0.14393
      Copyright (C) 2013 Microsoft Corporation. All rights reserved.
      Volume C: [OSDisk]
      [OS …
Deploying Windows 10 with SCCM current branch 1607.  I need to do a restart early in my task sequence, but a restart back into WinPE - which is easy. The trick is that I want to pick up where I left off in the task sequence - otherwise I'm stuck in an endless loop.

I know if I chose to "reboot into the installed OS" option for this step, the TS would pick up where it left off. The problem is I haven't installed the OS at this point. I'm clearing the TPM chip before installing Windows 10.

Does anyone know the (hidden) trick to get me out of this endless loop?
Trying to create a Distribution Point for SCCM and I am getting this error...

verify that the site server computer account is an administrator on the distribution point computer.

I have verified that the site server computer is in the local admin group...
Hi Experts.
Can you please provide some assistance in terms of how I can respond to our client,
We have about 6000 workstations in our environment, however SCCM is reporting blanks for last logon user and most common user on around 200 of these devices,
What generally can be the cause of this?
IE: besides a faulty SCCM client, which we can rule
(2) machines connecting via Direct Access remote access, would this have a bearing,
(3) machines that has just come off workstation build, and no user has obviously logged onto them?
Any advise how I can respond to my client around this will be appreciated
I am trying to deploy Visio 64 bit silently using SCCM.  I've done the following so far:

- ran "Setup.exe /admin" and made selections needed for silent such as agreeing to the license etc.
- Created the Application, Deployment Type and Deployment.
- Created an install batch file that runs this command:  "msiexec.exe /quiet %~dp0\Visio_2013_64bit.MSP /qn".

The install will not run and when I ran the command locally to test I received an error message - basically my msiexec command is wrong and it's not even making it to the install.

I've seen the command used to install with an MSP but it had the original install msi within the command along with the .msp.  I was going to try that burt I can't figure out which MSI to use in this version of visio....or do I use the Office MSI?

Anyone have experience using an MSP for install?
Bootstrap 4: Exploring New Features
LVL 12
Bootstrap 4: Exploring New Features

Learn how to use and navigate the new features included in Bootstrap 4, the most popular HTML, CSS, and JavaScript framework for developing responsive, mobile-first websites.

Could someone please help with the below scenario:
We have an existing forest a.corp.com with a running CA. We have have created one another forest (business purpose) b.corp.com and installed new CA. Created forest trust between the forests.
We have installed a new SCCM infra in the new forest b.corp.com. Now we want to manage clients in the forest a.corp.com with the configuration manager client certificate issued from the b.corp.com forest.
We have seen the MS article AD CS: Deploying Cross-forest Certificate Enrollment, but we don't want to perform all the steps mentioned here like consolidation of certificates. We just want to get the configuration manager client certificate in the remote forest a.corp.com clients. Could you advise the best method to configure this without making issues in our current CA (note - we already have forest trust between the forests).

Hi all

I am new to Deploying windows updates via SCCM so sorry in advance of my ignorance

I have seen the windows updates has not been done since march 2018. I joined here in sept and trying to get my head round SCCM.

I can see all updates that are downloaded are alss deployed.

I tried running synchronise software updates - to download the new updates so i can deploy later but its not doing anything.

When i went to Monitoring - System Status 0 Component status - the status shows X with critical.. There is no easy error messages that helps. Any ideas what i need to do or where i can start?
Microsoft System Center Configuration Manager
Some of the basic WQL queries I've used for quick reference. This article will be updated with additional queries later.
We're upgrading our existing Dell Windows 7 computers to Windows 10. During this upgrade, we will be standardizing the BIOS settings (Legacy to UEFI, SecureBoot, ...).   Some of the computers we'll be upgrading are BitLocker encrypted.  If the target computer is encrypted, my BIOS change steps won't run b/c there's no writable partition.

I want to do the BIOS checks first b/c I want to make sure our MDT 2013 task sequence formats the drive UEFI before continuing with the deployment.

I would like to add a step at the to check if there's a writable partition, and if not, run a diskpart script (diskpart.exe /s diskpart01.txt). I found someone who created a vb script that does this "as a startup script". I'm not sure how they implemented it.
	Option Explicit
On Error Resume Next
	Dim oShell, oFso
Set oShell = CreateObject("WScript.Shell")
Set oFso = CreateObject("Scripting.FileSystemObject")
	If NOT oFso.folderExists("C:\") Then
  If msgbox("The C: drive is encrypted or missing.  do you want to clean it for imaging?" & vbcrlf & "THIS WILL DELETE EVERYTHING ON THIS DISK!",4,"STOP") = 6 then
   oShell.Run "diskpart.exe /s diskpart.txt",,true
   msgbox "Nothing will be deleted off the drive.  if you're attempting to image this system, then x86 imaging will FAIL."
  end if
End If

Open in new window

Can you run a vb script without a writable local partition?  At the moment, I'm getting a 0x800700A1 error -> which means there's no where to copy the package that contains the vbscript.

What's the "best" way for me to do this?
SCCM server has crashed. Need to configure a new server and SCCM instance, no backup available. How do I link company laptops with the new SCCM instance?
Hello all,

I am getting below error while importing drivers.

Error: All drivers) are imported successfully. Drivers cannot be added to some driver package(s).

the folder is empty as well.

any ideas?







Systems Center Configuration Manager (SCCM, formerly known as Systems Management Server) is Microsoft’s system software for managing large groups of not only Microsoft computers, but those running other operating systems, such as Linux, OS-X, and various mobile technologies.