[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More







Systems Center Configuration Manager (SCCM, formerly known as Systems Management Server) is Microsoft’s system software for managing large groups of not only Microsoft computers, but those running other operating systems, such as Linux, OS-X, and various mobile technologies.

Share tech news, updates, or what's on your mind.

Sign up to Post

I would like to know how to manage patch management (eg. a group of servers with different flavours of operating system).
Also how to re-check updates after the first patch of updates have been installed.
Also how to force check back to reporting services to gain accurate result if they are compliant or not.
Microsoft Azure 2017
LVL 12
Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

Hello all,we are trying to add collection parameter for sccm report. How can i achieve this.regards
Hi All,

I need Microsoft System Configuration Center Manager (SCCM) 2007 installation package but I can't find it anywhere.
Does it anyone have the SCCM 2007 please?

George Gabra
Hi Team,

We have recently implemented a new sccm infrastructure with a primary site and a secondary site (for the branch location). Boundary groups are created with IP subnets / AD site and associated with appropriate sccm sites. The system discovery works fine, the secondary site clients are assigned with the secondary site code during discovery and the clients which comes under primary site are assigned with primary site code. As it is a testing phase we have not enabled automatic client deployment.

The issue is when we do client push to the clients assigned with secondary site (or manually initiated a client push from the secondary site), it fails with the below errors during the BITS download -
BG error context is 5
Download Update: A recoverable error has occurred.  A retry attempt will be made. Error: 0x80072f76, Description The requested header was not found, Context: The error occurred while the remote file was being processed.." .
I have checked the ccmsetup.log file in the client machine and confirmed that it detects correct MP and DP (secondary site).

When we manually select the primary site and push the client to the same station (discovered by the secondary site code), it works fine. Also, during the installation it detects the secondary site as DP and fetches the required installation files via BITS from the secondary site servers. It uses the primary site server only to copy the initial files like mobileclient.tcf and ccmsetup.exe. In this case …
I am currently with Ivanti formally known as Shavlik patch management.  My 3 year is about to expire, what I was paying for 3 years is now what I will have to pay for 1 year so we can not continue with Ivanti.   Does anyone have any recommendations on a patch management system that has a reasonably  price structure?

Dump question, I need to update .NET on Windows 10 machines using SCCM, but when I look under "All Software Updates" and do a search for .NET I am only seeing a bunch of .NET updates for Win7, 8, and Server OS's, nothing for Windows 10. Windows 10 is one of the products that is highlighted under my environment and I can see all the normal security, critical, rollups, etc for Win 10. Am I missing something? Are .NET updates under a different classification for Win 10?

Thanks in advance,
I am using SCCM 1806. there is a secondary server which has around 13k objects to manage

each boundary group has its own DP so that client systems need not be download the contents from sec server

on boundary group relationship I have set never fall back to sec server default group for content

still some clients download the data from secondary site. total size of the data for 7 days is 1567GB. some of the clients has downloaded 8 to 10 GB from secondary site. can some one help me to understand the root cause of this?
Tying to install Office 2019 Applications through SCCM using latest features Click to Run. I was able to do a fresh install of Office 365 with Visio and Project on my test machine. Following on that test machine, I un-installed the Visio and Project and then installed visio 2016 manually. so as a test run I am trying to only upgrade visio2016 to visio219 using the same Click to run configuration but when I choose do not uninstall anything and then try to install the visio2019, click to run complaints that "Can't install, to install this first uninstall the following product(s) and try again"

I am wondering why?
We want to deply v1809 images, and we need to upgrade MDT/ADK to v1809.  We also have WDS / SCCM in our environment.     We use MDT with SCCM.  
We create a reference image(Golden image) on MDT and put it into SCCM.

I know I have to  download
-- Windows 10 1809 Assessment and Deployment Kit (ADK)
-- Windows PE add-on for the ADK
-- Microsoft Deployment Toolkit (8450)

Does anything have to be done on the WDS server or the SCCM server?

Hello Experts,

I’ve inherited the duties of SCCM administrator for our organization.  The problem with this is I don’t know anything about SCCM.  Here is a summary of our environment:
- We have two domains on one subnet.  The first domain is agency.myco.com and the second domain is mycoed.com.
- The primary SCCM server is running SCCM 2012 R2 SP1 - This server is named "MyCo-SMS2K12.agency.myco.com"
- There is one site in our SCCM environment - Site name is "SC1"
- We have a distribution point in a second domain - This server is named "MyCo-ED-SMS.mycoed.com"

When I look in SCCM Manager, I see the six servers in the mycoed.com domain.  I'm guessing they were found during a network discovery process.  However, SCCM Manager does not show these servers as having the sccm agent installed on them.  When I log into the servers, the agent is installed on them.  On the general tab of the configuration manager properties page, I see the following:
   Assigned management point:  MyCo-ED-SMS.mycoed.com
   Client certificate:  Self-Signed  
   Connection type:  Currently intranet
   Site code:  SMS:SC1
   Unique identifier:  GUID:xxxxxxxx-xxxxxx...
   Version 5.008239.1403

My questions are:

I think the servers in the mycoed.com domain communicate with the distribution/management point in that domain (which is MyCo-Ed-SMS.mycoed.com).  MyCo-ED-SMS.mycoed.com then reports in with the main SCCM server (which is MyCo-SMS2K12.agency.myco.com).  Is this correct?  If so, …
PMI ACP® Project Management
LVL 12
PMI ACP® Project Management

Prepare for the PMI Agile Certified Practitioner (PMI-ACP)® exam, which formally recognizes your knowledge of agile principles and your skill with agile techniques.

Deploying Windows 10 via SCCM. At the very end, we are (successfully) enabling BitLocker. The problem is the Data Recovery Agent certificate is NOT getting installed.

The computer is joined to the domain very early in the TS. There are multiple reboots along the way (OS updates, software installs).

I've confirmed the proper GPO is enabled for the OU the computers are dropped into when they're joined to the domain.

I've confirmed the computer's recovery key IS getting uploaded to AD.

What we see on a Windows 7 computer with BitLocker enabled and "TPM and PIN":

      H:\>manage-bde c: -status
      BitLocker Drive Encryption: Configuration Tool version 6.1.7601
      Copyright (C) Microsoft Corporation. All rights reserved.
      Volume C: [OSPart]
      [OS Volume]
          Size:                 232.59 GB
          BitLocker Version:    Windows 7
          Conversion Status:    Fully Encrypted
          Percentage Encrypted: 100%
          Encryption Method:    AES 128 with Diffuser
          Protection Status:    Protection On
          Lock Status:          Unlocked
          Identification Field: xxx
          Key Protectors:
              Numerical Password
              TPM And PIN
              Data Recovery Agent (Certificate Based)

What we see on Windows 10 with similar encryption setup:

      C:\WINDOWS\system32>manage-bde c: -status
      BitLocker Drive Encryption: Configuration Tool version 10.0.14393
      Copyright (C) 2013 Microsoft Corporation. All rights reserved.
      Volume C: [OSDisk]
      [OS …
Hi all

I am new to Deploying windows updates via SCCM so sorry in advance of my ignorance

I have seen the windows updates has not been done since march 2018. I joined here in sept and trying to get my head round SCCM.

I can see all updates that are downloaded are alss deployed.

I tried running synchronise software updates - to download the new updates so i can deploy later but its not doing anything.

When i went to Monitoring - System Status 0 Component status - the status shows X with critical.. There is no easy error messages that helps. Any ideas what i need to do or where i can start?
We're upgrading our existing Dell Windows 7 computers to Windows 10. During this upgrade, we will be standardizing the BIOS settings (Legacy to UEFI, SecureBoot, ...).   Some of the computers we'll be upgrading are BitLocker encrypted.  If the target computer is encrypted, my BIOS change steps won't run b/c there's no writable partition.

I want to do the BIOS checks first b/c I want to make sure our MDT 2013 task sequence formats the drive UEFI before continuing with the deployment.

I would like to add a step at the to check if there's a writable partition, and if not, run a diskpart script (diskpart.exe /s diskpart01.txt). I found someone who created a vb script that does this "as a startup script". I'm not sure how they implemented it.
	Option Explicit
On Error Resume Next
	Dim oShell, oFso
Set oShell = CreateObject("WScript.Shell")
Set oFso = CreateObject("Scripting.FileSystemObject")
	If NOT oFso.folderExists("C:\") Then
  If msgbox("The C: drive is encrypted or missing.  do you want to clean it for imaging?" & vbcrlf & "THIS WILL DELETE EVERYTHING ON THIS DISK!",4,"STOP") = 6 then
   oShell.Run "diskpart.exe /s diskpart.txt",,true
   msgbox "Nothing will be deleted off the drive.  if you're attempting to image this system, then x86 imaging will FAIL."
  end if
End If

Open in new window

Can you run a vb script without a writable local partition?  At the moment, I'm getting a 0x800700A1 error -> which means there's no where to copy the package that contains the vbscript.

What's the "best" way for me to do this?
I have to come up with a SCCM Enterprise patch management plan.  First time taking this kind of responsibility but looking forward to it.
 My question is what should I do for my manager to give a good representation of what the patch management environment is now and what it should be?

 What to look for and how to map out updating past updates for work stations to bring up to date.
Issues: We are facing issues with SCCM 2012 client scan(windows 7) with windows update server. The error message in Wuahandler.log is "OnSearchComplete - Failed to end search     job. Error = 0x80072ee2.".

Environment detail:
PSS - we have a single primary site server SCCM 2012 R2 with SP1 in datacentre 1 in a virtual server (win serv 2012 R2 with 5.5 GB physical memory).
XYZ - This server in the datacentre 1 having windows server 2008 R2 with 32GB internal memory. This server is installed with distribution point, fallback status point and management point.
ABC -  This server is in datacentre 2 having windows server 2008 R2 with 32GB internal memory. This server is installed with distribution point, Reporting service Point, management point and software update point.
We have around 4000 win 7 device(laptop/desktop) and 2000(win 10 device win7 and win 10), all getting patched with SCCM. We are deploying all the October month OS, .Net Framework, IE and Office patch to these win 7 and win 10 device.

Initial troubleshoot: Since most of the blogs and website point toward increasing the private memory of WSUS pool under IIS so I have changed the private memory to 0 and also the queue length to 2000. I also restarted the server ABC but no luck.

Few logs detail:
WuaHandler.log (Scan failed with error = 0x80072ee2.)
Update Store: No error found here. Querying update status completed successfully and all the missing and installed updates are reflecting here.#
wmi query if machine are connected  to ethernet cable

second  check if machine connected to wifi

Hello experts,

we have some machines out there without McAfee VirusScan Enterprise" and McAfee Endpoint Security Threat Prevention. we are trying to get those machines. I tried query report as well. maybe something with the query.
select SMS_R_System.ResourceId, SMS_R_System.ResourceType, SMS_R_System.Name, SMS_R_System.SMSUniqueIdentifier, SMS_R_System.ResourceDomainORWorkgroup, SMS_R_System.Client from  SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.Name not in (select distinct
SMS_R_System.ResourceId not in
SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName = "McAfee VirusScan Enterprise"
and SMS_R_System.ResourceId not in
SMS_G_System_ADD_REMOVE_PROGRAMS_64.DisplayName = "McAfee VirusScan Enterprise"
and SMS_R_System.ResourceId not in
select SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID
SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName = "McAfee Endpoint Security Threat Prevention"
And SMS_R_System.ResourceId not in
select SMS_G_System_ADD_REMOVE_PROGRAMS_64.ResourceID
from S
Recently migrated from Server 2012R2/SCCM 1802 to a new site with Server 2016/SCCM 1806.   We have MBAM integrated with SCCM and are wondering what needs to be done on the new site server to integrate our existing MBAM server from old SCCM environment to new environment .    Can you give me the steps needed to accomplish this?


How do i convert .iso image to .wim. My .iso Launch Media gives error while i run image capture wizard in windows 10. Task Sequence Error is "Image Capture Wizard has failed with the error code (0x00004005).
OWASP Proactive Controls
LVL 12
OWASP Proactive Controls

Learn the most important control and control categories that every architect and developer should include in their projects.

We have a SCCM server (single site) that has stopped working after Microsoft has been trying to get it to install patches beyond 1710 build.   It started out with the system refusing to install updates, then MS support got involved, got it to install the 1706 and 1710 update after weeks of messing around.  but then it wouldn't install the 1802 update.  Then after several months of working with MS support, something they did killed the SCCM server so the console wouldn't even start.  Opened another ticket with MS support, and after two weeks they said the console won't start because WMI is corrupt on the server.  They installed the console on a test machine and was able to start it, however it looks like none of the clients has connected with the server in weeks if not longer.  Anyway, MS stopped spending any time/resources trying to fix what they messed up.

Now what we're asking is, if it's possible to build a new server from scratch, using the latest version of SCCM, and then migrate all the data from the old (now dead) SCCM server and maintain all the client connectivity?  If so, is there any documentation from MS or anyone else that shows what needs to be done?

We're trying to salvage as much as we can.  The only thing we use SCCM for is to report clients to Service Now (for Configuration Item assignment).  We do not use SCCM to push out patches or manage the clients in any other way.

Hardware and Software Inventory is empty for all devices.  The device queries that were built on add/remove programs on the devices or based on Operating System installed on the PCs is now coming up empty.  If the membership hasn't updated on the query, I can see the number, but if I go into the collection, no devices are listed.  If I update the membership, the number goes to zero.

I have rebooted the SCCM server and there are no active alerts in the monitoring tab to alert me to any issues.

I am having an issue with OS deployment with UEFI. The PXE boot starts and gets thru till the message "Preparing network"appears, thereafter the machine reboots.

with F8 I am able to ping WDS,DP and site server, The HDD is listed in Diskpart. SMSTS.log shows the following errors

Executing command line: "X:\sms\bin\x64\smstftp.exe" -i get X:\sms\data\variables.dat
Process completed with exit code 1
Failed to download pxe variable file. Code(0x00000001)
PxeGetPxeData failed with 0x80004005

attached the log file , can you please help

SCCM 2012 1610 , WDS and DP on same server Windows 2008 R2 , DHCP Windows 2008R2
I am upgrading the O/S of sccm sites servers from Windows 2008 r2 to windows 2012. There are 5 DPs that are running on Windows 2008 R2. My question is do I need to update the o/s of these to Windows 2012 or it will operate fine as windows 2008
SCCM server - On the Client computer how can I tell which sccm server or distribution point managers that PC.

I have a problem our SCCM enviroment. For the past 10 month's it didnt work and i decided to give it some new "life" but i cant get it working anymore:

I use certificate based authentication with the SCCM clients.

When i try to register a client i get the following error in cmmsetup.log of the client:

<![LOG[GET 'https://externalFQDN/CCM_Client/ccmsetup.cab']LOG]!><time="16:44:16.512-120" date="09-01-2018" component="ccmsetup" context="" type="1" thread="6040" file="httphelper.cpp:806">
<![LOG[Failed to successfully complete WinHttp request. (StatusCode at WinHttpQueryHeaders: 403)]LOG]!><time="16:44:16.590-120" date="09-01-2018" component="ccmsetup" context="" type="3" thread="6040" file="state.h:69">
<![LOG[DownloadFileByWinHTTP failed with error 0x80004005]LOG]!><time="16:44:16.590-120" date="09-01-2018" component="ccmsetup" context="" type="3" thread="6040" file="httphelper.cpp:1080">

on the SCCM server i see these errors in the iis.log

      Line 5591: 2018-09-01 14:44:55 SCCMserverIP CCM_POST /ccm_system/request - 443 - CLIENT_IP ccmsetup - 403 16 2148204809 1477 17
      Line 5592: 2018-09-01 14:44:55 SCCMserverIP GET /CCM_Client/ccmsetup.cab - 443 - CLIENT_IP ccmsetup - 403 16 2148204809 1477 65
      Line 5593: 2018-09-01 14:44:55 SCCMserverIP POST /SMS_FSP/.sms_fsp - 80 - CLIENT_IP SMS+FSP - 200 0 0 149 61
and the mpcontrol.log:

Using custom selection criteria based on the machine NetBIOS name.  $$<SMS_MP_CONTROL_MANAGER><09-01-2018 …






Systems Center Configuration Manager (SCCM, formerly known as Systems Management Server) is Microsoft’s system software for managing large groups of not only Microsoft computers, but those running other operating systems, such as Linux, OS-X, and various mobile technologies.