Go Premium for a chance to win a PS4. Enter to Win







Systems Center Configuration Manager (SCCM, formerly known as Systems Management Server) is Microsoft’s system software for managing large groups of not only Microsoft computers, but those running other operating systems, such as Linux, OS-X, and various mobile technologies.

Share tech news, updates, or what's on your mind.

Sign up to Post

All of the sudden our imaging through CM has stopped working. The only change I have made was to add drivers to our USB boot disk to support the new Surface laptop. Imaging did work post this as I was able to image the Surface laptop.
We are running version 5.00.8540.1000 - 2012 Current Branch.
I have attached the SMSTS Log from one of the failed Surface Pro's earlier.
Also I have followed this article http://henkhoogendoorn.blogspot.co.uk/2014/11/how-to-deploy-windows-image-on-uefi.html but with no succuss.
Thanks for your help.
Important Lessons on Recovering from Petya
LVL 11
Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.


which user is used when installing software?

Is there any way to block any applications within the windows defender?? I don't want anyone to install one specific applications and if they try to install, windows defender somehow blocks it. can we somehow integrate this in sccm so that we can block these on all devices in our environment?
I am getting an error application cannot load because of a side by side error? Any ideas?
When a client is installed with System Center Endpoint Protection, user can uninstall SCEP if the user had admin right to the local machine. How to block uninstallation of SCEP?  This is Microsoft product so as i guess, if the user has admin right, he can do whatever he wants. Is there a way to block even the admin to uninstall SCEP?

And once SCEP is uninstalled, the client doesn't receive reinstallation for SCEP. It just remains unprotected. Why does SCCM not reevaluate the applied Client Settings and reinstall SCEP? And the status for SCEP is still 'managed' for 2 hours in CAS server.
Hello SCCM Experts,

We are running SCCM 2012.  I have a PowerShell script that simply creates a folder called PSTest on the C drive of a computer.  I want to push this out via SCCM.  Here are the steps I’m going in trying to get this script to run via SCCM:
1.      Log into SCCM server.
2.      Open Configuration Manager.
3.      Navigate to Software Library.
4.      Navigate to Application Management.
5.      Navigate to Packages.
6.      Select the Create Package option.
7.      Create a new package with the following options:
Package Info Screen
a.      Name = SCCM-Powershell Test
b.      Language = English
c.      Version = 1
d.      Check mark in the ‘This package contains source files’ box
e.      Source folder = \\server1\ws_psscripts
Program Type Screen
a.      Select ‘Standard Program’
Standard Program Info Screen
a.      Name = PackageTest
b.      Command line:  powershell.exe –executionpolicy bypass –file \\server1\ws_psscripts\packagetest.ps1
c.      Run = Normal
d.      Program can run = Whether or not user is logged on
e.      Run mode:  Run with admin rights
f.      Drive mode = Runs with UNC name
Specify requirements Screen
a.      This program can only run on specified platforms selected, All Windows 7 (64-bit specified)

The package is created successfully.  I then right-click the package and select the ‘Distribute Content’ option.  I add my distribution point and successfully distribute the content.

Once the content is distributed, I right-click the package and select the ‘Deploy’ option.
            General Info Screen
a.      Select …
event log : DCOM was unable to communicate with the computerxxxx using any of the configured protocols; requested by PID     41d0 (D:\Program Files\Microsoft Configuration Manager\bin\x64\smsexec.exe).
I want to run CCMClean.exe from a server on a remote PC, I need to remove SCCM from the PC and remove the CCM folders under Windows. If someone has a script (Powershell or VB) or even a bat file that would be great.

Just in case I was not clear. CCMClean is on a server  \\servername\client\ccmclean.exe  
And I want to run that on a remote PC to remove SCCM.
Hello SCCM Guru's!

We have 10,500 clients

We are trying to deploy a task sequence that has a startmod.vbs (vb script) file in it. The TS works perfectly every time, until we add the VB file at the end.

I've tried 10 different ways according to the internet findings, but so far, nothing is working. The script never even runs. All the other items run before it, but once it gets to the .vb script, it errors out.

Any clue as to how to deploy a .vb script in a task sequence?

Thank you so much for your kind assistance.

PXE boot fails on device with attached error

Any advice? please help!
[Webinar] Cloud and Mobile-First Strategy
LVL 11
[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

Hello -

I have a root domain with three other child domains with transitive trust from root to all other child domains. Each child domain trust back to root. What I am trying to do is setup all computers within our domains our SCCM CPA account as local admin, again on all systems. I am trying to do this as a GPO. I am running Server 2012 R2 for our DC. Can someone shine some light on how I can successfully do this?

Thank you so much!
Hello -

I am running SCCM 2012 and getting an Access Denied while attempting to deploy an application. The Access Denied error is coming up on a few systems. Please see picture. I'd appreciate if you can direct me to a resolution for this error.

Error message
Thank you!

I need to deploy a Windows 10 upgrade to hundreds of machines.  A number of them are older HP z220 machines with x86 Windows 7.

The video driver that is installed during the upgrade is a default and doesn't allow correct screen resolution or dual monitor spanning.
The only way to fix seems to be to go to every machine and run a windows update on the driver.  I have the correct driver in the driver collection.

What's my best solution?

I can't push this to the enterprise until I get this resolved, and am under a bit of pressure.

Thanks in advance for the assistance.
All, I have a few machines I pushed software too. I forced the install but all I see in configuration manager is waiting to install. Any ideas? I see this on a few machines I pushed packages to.

I have started an position as windows admin and I have 150 Windows ( 2008 , 2012 ) and 10 Linux Redhat Server. We have SCCM.

Environment is old and patching has been neglected for more than a year

My question is that I would like start getting report about Missing pathes on Both Windows /Linux system so that I can plan how to patch them. I am not too good with SCCM but I have used now and there so I can bring myself to Speed as to how to use it.

Will you please tell me how you would go about this in conceptional manner. How would you get a report about missing patches

Thanks very much in advance to all contribute

Hello - I am attempting to give myself db_datareader access to my SCCM 2012 DB. I need this so I can utilize a report https://smsagent.wordpress.com/free-configmgr-reports/instructions-2/

I am not able to connect after trying to configure data connections. Has anyone used this and how can I give myself access to SCCM db?

How late my pc take update from sccm not wsus

I make collections and package for win 10  put my pc take update for office 2010 without any deployment from sccm
Here's the scenario, can someone please give any ideas?

Using MDT 2012 with WDS to image Win7x64 computers, the MDT server has been up and working for a couple of years. I have one type of computer that will F12, start the MDT task sequence but hang 'Attempting Multicast Transfer' on the installing OS bit.

In WDS it is showing as 'Waiting' in the Multicast Transmissions window (see attached). If I right click and select 'Bypass Multicast' it starts installing.

when there's just one machine connected it should start imaging straight away, why are these machines endlessly waiting for a multicast session? and not just starting the MDT. Even if 2 machines are waiting (which presumably makes it  a multicast session) it still doesn't start.

Other models of computer seem to work just fine.....of course.
I have been asked to patch office 365 but the conventional way using SCCM cannot be used because the current version level is at SCCM 2012 R2 (1302) on 2008 R2 SP1 Standard. Active Directory is at 2003, I can’t upgrade SCCM to 1606 to support office 365 because of AD SCCM would fall out of support if we changed it.

I have been tasked with patching O365 I have a few suggestions but need some advice on achieving this

1: Set up a file share for the patching and use group policy. Really dont want to take this approach as its labour intensive.

2: Set a new instance of WSUS up on a 2012 server with WSUS ver 4.0 and deploy 365 patching from it only snag is I dont know if I can run SCCM client patching along side a separate instance of WSUS. Is this achievable or is there a better solution.

We aren’t using azure the o365 is static.

Any suggestions would be greatly received
Free Tool: ZipGrep
LVL 11
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Hi Team,

I got the requirement to setup PXE distribution point for our lab where we use to image the bare metal machines. We got the vlan setup and got the IP range of the Vlan from our network team. But the issue is we already have a separate boundary created in sccm where my Vlan IP address range also a part of it. Example already set boundary IP range: - MY new Vlan IP range: - which is also falling under same range.

So my question is if I create separate boundary for my IP range and add it to boundary group and substantially adding that group to my PXE distribution point and then deploying my task sequence to All unknown computers. Then only my ip range machine's will get the deployment or all machines part of already created boundary range( - receive IP's?

Thanks ,
We've just configured OSD on a new SCCM Current Branch 1706 server, following the steps laid out here -


We're using the Windows 10 LTSB N ISO.
We installed Windows ADK 1703, which is the correct release for SCCM 1706 and Windows 10 deployments.
We created the Windows 10 1703 boot image as described in the windows-noob article.

We testing a deployment of Windows 10 to a VM. The VM does PXE boot, and I confirmed it has an IP address.

I'm prompted to enter the PXE password, and then the TS times out trying to retrieve the "policy". Eventually I get the following error:

An error occurred while retrieving policy for this computer (0x80004005).

When I check the smsts.log file, the first error (red herring or not b/c there are other entries in the log file that seem to succeed) is:

ShellExecute ('raserver.exe') failed. 0x80070002.

I also see the following error later in the smsts.log file:

Error. Received 0x80072ee7 from WinHttpSendRequest

What I've confirmed so far:

- Network access account is setup and has permissions to all images and packages.
- Time on VM is synch'd when compared to SCCM server
- Anonymous Authentication is enabled in IIS on the SCCM server

The VM is using the E1000 network adapter. I was under the impression a Windows 10 ISO would include this rather …
I want to deploy a series of packaged applications (packages and not applications) to a pc that has already been imaged.

Instead of deploying each package one-by-one and then deleting the deployments one-by-one, I was hoping to deploy the packages via a Task Sequence.

I put the packages into a TS and deploy it.  The TS appears in the client's Software Center and I select Install.  What happens next is not what I was expecting.  The download portion of the first package hangs up for a seemingly long time.  I should note that these packages installs without delay during PXE OSD.

So I press F8 and look at smsts.log.  It states that the file can't be downloaded but if I wait it out, the package eventually loads and installs and other times, the same package doesn't download and the entire TS fails (probably due to timeout).

Is it possible to deploy a TS to a device collection that already has an OS?
I'd like to use SCCM to push out a Powershell script as detailed in this article, but the deployment status is always an error or unknown.

how do I remove files and folders from multiple client machines using sccm 2016? do I use application or package?
I am looking to delete certain .exe files and some folders from few location on client machines.

what script should I use? do I use powershell or vbscript? and what is the installation command line for using either one?


One audit finding was raised to us:

a) it's a risk if SCCM (which we use to manage PCs, workstations, including critical payment workstations),
    WSUS (which we used to patch servers in Prod DMZ, Prod internal zones as well as Development/UAT),
    Desktop Central (to manage PCs, laptops), AD & NTP contain authenticators (eg: login id & password) of
    the endpoints they manage.  Do these managemt tools truly contain the authenticators?
    They may use AD credentials or even local credentials (eg: local administrator) to login to control
     the endpoints but do they actually contain the authenticators ?

b) if the answer is "yes", we were told to place all these mgmt tools (SCCM, DCentral, AD server, NTP etc)
     in an isolated secure zone rather than in DMZ so that the authenticators are not easily "stolen" : is
     this a valid mitigation/recommendation?    
    If it's too much to overhaul this, can we create Windows Firewall on these devices to block all traffic
     except the required traffic to mitigate ?

One more tool that we use to lodge privileged accounts credentials : the vendor actually recommend
we put it in DMZ when we 1st set it up, so quite confused if the vendor or the auditor is right






Systems Center Configuration Manager (SCCM, formerly known as Systems Management Server) is Microsoft’s system software for managing large groups of not only Microsoft computers, but those running other operating systems, such as Linux, OS-X, and various mobile technologies.