Arizona Systems Management User Group 10-year Anniversary Meeting – A Taste of MMS Recap

img_0731The Arizona Systems Management User Group 10-year Anniversary Meeting – A Taste of MMS has come and gone. It was a fantastic way to celebrate 10 years of AZSMUG with an all-star line up and a surprise special guest, David James – Director of Engineering for Configuration Manager.



Kicking off the meeting, Peter Daalmans started the day presenting Session 1 on How to cope with the rapid release of ConfigMgr.


He then presented the first sponsor session: Parallels Mac Management for our sponsor Parallels.


Next up was Kent Agerlund presenting Session 2 of the day on What’s new & trendy in Microsoft EMS.


Session 3 of the day was presented by Brian Mason – SQL Server 2016 & ConfigMgr – What you need to know.


Lunch was presented by our gold sponsor 1E. The pizzas were so large, user groups in Texas would be jealous.

1E’s Shaun Cassells presented the lunch time sponsor session – Windows 10 Servicing in the Real World.


After lunch we jumped right into Session 4 of the day with the All Speakers (plus David James) Q&A. This turned out being an excellent interactive discussion with great insights on things from David and Michael Niehaus. Everyone was engaged even after those extremely large pizza slices.


We also posted several Twitter polls throughout the day and used these as discussion topics during the Q&A (BTW if you are not on Twitter, get on Twitter!):

Poll 1: What version of ConfigMgr are you using in production?


Poll 2: How many ConfigMgr clients do you manage?


Poll 3: Are you using Microsoft EMS today?


Poll 4: What version of SQL are you using with ConfigMgr?


Poll 5: Do you have ConfigMgr integrated with Intune?


Poll 6: When do you plan on deploying Windows 10?

Michael Niehaus presented Session 5 on What’s new for enterprises in Windows 10 1607.


Finishing out the day with Session 6, Greg Ramsey did a deep dive session on Using PowerShell with ConfigMgr.


The examples that he covered can be download from his blog. Midway through Greg’s session the Midwest Management Summit afternoon cake arrived and it was yummy.


Wrapping up the day for a final speaker picture. Thanks again to all of the speakers for presenting and our sponsors Microsoft, 1E, Coretech, Midwest Management Summit and Parallels for making this event possible. I am already looking forward to the 20-year anniversary meeting!


Originally posted on

USB Flash Drives, UEFI and large WIMs

If you have already started working with UEFI devices, then you have probably figured out a few of the gotchas when it comes to booting these devices. First, you need to boot the device using the native architecture. So, if the device you are attempting to boot is a 64-bit device, then it needs to boot with a 64-bit boot image. Second, if you are using a USB Flash Drive, then you probably have realized that UEFI devices will not boot from a NTFS formatted flash drive. The flash drive needs to be formatted using FAT32 in order to boot UEFI. That is all fine and dandy, but what happens if you have a large WIM file (one that is greater than 4GB, like the Windows Server 2016 install.wim that is 4.38GB) that you need to copy onto the flash drive? The short answer is that you can’t, at least on the FAT32 partition. You can always split the WIM, but what fun is that? Plus, it sounds like extra work to me. Lucky for you, with the right USB flash drive and the information in this blog post, I will show you have you can fit that 4+GB WIM on your flash drive and still boot UEFI (because if you are still using BIOS, stop reading now and switch your system to UEFI).

The trick is to create multiple partitions on your flash drive, just like you do (or like Windows setup does for you) when you install Windows in UEFI mode. The problem is a limitation for creating multiple partitions on removable media. By flipping the ‘removable bit’ on the flash drive, you can then use diskpart to create a bootable FAT32 partition (large enough to fit all of the boot files) and then a second NTFS partition that contains the large WIM file (along with the other setup files that are needed. There are a few utilities out there on the Internet, like BootIT from Lexar (although I could not get it to work on some new Lexar USB flash drives that I just bought), that may or may not do the trick for you (NOTE: this does not work on all USB flash drives and you might toast your flash drive so use at your own risk). There are also some other tools that you might come across if you search long enough (and on some sketchy sites), but once again – use at your own risk. Hopefully one day soon, Windows will allow us to partition removable media since eventually most devices will be class 3 UEFI and WIM files are getting larger, not smaller.

Lucky for me, the SanDisk Ultra 16GB (Model SDCZ45-016G), which I bought at Costco several years ago, already shows up as a basic disk type (in other words, not removable), and allows me to create multiple partitions so that I can make it bootable in a UEFI configured system and still have the ability to copy large WIM files onto it.


It also looks like these are still available on Amazon (although I cannot guarantee that they are like the Costco model apart from the matching characters on the model number).

The process:

  1. Plug in the flash drive and open up an elevated command prompt. Run the following commands:
    list disk
    select disk x (where x is the disk # of your flash drive)
    clean (this is a destructive process, so be sure you have the correct drive and have backed up anything you want to keep)
    create partition primary size=500
    format fs=fat32 quick
    create partition primary (this creates the second partition)
    format fs=ntfs quick
  2. For this example, we will use the Windows Server 2016 ISO (you could also do the same with Configuration Manager OSD Media). Mount the ISO (in this example, it is on drive E:) and copy the subfolders boot and efi and files bootmgr and bootmgr.efi to the fat32 drive that was created above (in this example, it is on drive F:).
  3. On the fat32 drive create a subfolder called sources.
  4. On the Windows Server 2016 ISO drive, navigate to the sources directory. Locate the boot.wim and copy it to the fat32 drive in the sources subfolder.
  5. Copy the entire contents of the Windows Server 2016 ISO drive to the ntfs drive (in this example, it is on drive G:).
  6. Optionally name the partitions on the USB flash drive for easy identification.

Now you should be able to boot right up using the USB flash drive in UEFI mode and in this case proceed to install Windows Server 2016.

Originally posted on

Disable “Check online for updates from Microsoft Update” in Windows 10

windows10bannerIf you are already managing your Windows 10 systems (currently 1607 and below) with System Center Configuration Manager, then chances are you might want to prevent certain users from also being able to “Check online for updates from Microsoft Update.” before you have had a chance to fully test the latest cumulative update or feature update. Unfortunately, when users go into Settings > Update & security they will see a Check for updates button and below that, a Check online for updates from Microsoft Update link.


By clicking that link, it will bypass System Center Configuration Manager and go directly to Microsoft Update to see what the latest updates are available and start installing them once they download. One way that you can prevent this from happing is to enable the Group Policy setting: Do not connect to any Windows Update Internet locations:


If you enable this setting, you will not only disable the ability to check online for updates from Microsoft Update, but you will also disable the ability to install software from the Windows Store. Now if you have not started using the Windows Store yet, then this might not be a problem. Also, this policy is only effective if the Specify intranet Microsoft update service location policy is set (which it should be if you are using System Center Configuration Manager for Software Updates):



Once enabled, the Check online for updates from Microsoft Update link will disappear:


Hopefully we will see an option in the future that will allow for the ability to disable this link without disabling the ability to install apps from the Windows Store.

Originally posted on

Arizona Systems Management User Group 10-year Anniversary Meeting – A Taste of MMS

microsoft-tempeThe history of AZSMUG:

We have been planning this meeting for a long time and I really wanted to make this a special meeting. I got the idea to start the user group from a session that I attended at the Microsoft Management Summit in 2006. A Microsoft MVP by the name of Ed Aldrich gave a session on starting a local user group and I followed up with him afterwards for help on get things started (ironically Ed is now my coworker at 1E – although neither of us worked at 1E when we first met).

I also went through several Microsoft employees trying to find someone (a Microsoft blue badge employee) that would sponsor us so that we could host the meetings at the Microsoft office (back then it was at Central and Thomas). After striking out multiple times, I came across a Microsoft person by the name of Harold Wong (many of you probably know him from the TechNet Events). At the time, Harold was traveling as much, if not more than I was, but he always made time for us  when we wanted to have a meeting (even during his personal time, as most of our meetings were in the evenings). So a huge thanks to Harold for helping out all of these years! (BTW – he still travels a lot)

Our very first meeting was on September 21st, 2006. I think we had about 12 people attend the very first meeting – ironically many of those people still attend the user group today, so another thanks to all of you for sticking with us throughout the years!

Now, I know it would have been epic to have the 10-year meeting on the same exact day this year, but due to logistics October 7th turned out to be the ideal day. I personally am super excited for this meeting and hope to see as many of you there as possible.

So what is a Taste of MMS? The AZSMUG 10-year Anniversary Meeting IS a Taste of MMS. MMS, the Midwest Management Summit, is a systems management conference that provides top quality real-world sessions in a relaxed, setting. There is plenty of time for questions or even talking to speakers and peers.

So what makes this 10-year Anniversary Meeting a Taste of MMS? Every single speaker (Kent Agerlund, Brian Mason, Peter Daalmans, Greg Ramsey, Michael Niehaus and myself) has presented multiple sessions at the previous MMS conferences, which makes this meeting a ‘taste’ of what you get by attending the next MMS.

Registration is filling up fast, so be sure to book your ticket soon.
10 Years of AZSMUG
6 Speakers
4 Microsoft MVPs
1 Day (Friday, October 7th 2016, Tempe, AZ Microsoft Office)

Mike Terrill
AZ Systems Management User Group

Originally posted on

Import Task Sequence Failure – CM 1606

UPDATE 9/17/2016: This issue is resolved in Update Rollup 1 for System Center Configuration Manager current branch, version 1606, so be sure to apply this when upgrading to 1606.

As soon as I saw the word on Twitter that Configuration Manager (CM) 1606 was released to the fast ring, I upgraded my primary CM lab that I use for just about everything (and yes, I was on vacation at the time but that didn’t stop me).  CM is a very stable platform and the upgrade process is getting easier and easier, but software is software and every now and then you will run into an issue. That is exactly what happened to me when I was trying to import an OSD Task Sequence that had been exported from another lab that was running CM 1602. I was greeted by the dreadful error messages: “One or more errors occurred result may be incomplete” and “Object reference not set to an instance of an object”
01 Import TS Wizard
02 Import TS Wizard

Luckily, the fix turned out to be pretty easy once I knew the possible culprit. It turns out that there was some changed made to the Install Software Update step and it causes the Import Wizard to fail. All you have to do is remove the Install Software Update step before exporting your Task Sequence from a down level CM site. If you do not have access to the site but only to the exported Task Sequence, you can still fix it and here is how:

  1. The exported Task Sequence is contained in a zip file. Using Windows Explorer, extract the zip file into a working directory. For my example, I have unzipped my TS export called W10 BIOS to UEFI.
    03 Exported TS
  2. Navigate into the SMS_TaskSequencePackage directory and then the ID of the TS. Mine happens to be PS10003C.
    04 Exported TS
  3. Edit the object.xml file using Notepad (or your favorite editor). Look for the step that contains “SMS_TaskSequence_InstallUpdateAction” and delete everything between the opening <step> and closing </step> like highlighted in the screen shot below and then save the file. NOTE: You might need to run it as administrator depending on the location of your extracted files.
    04 object.xml
  4. Re-zip up the directory structure and then you should be able to import the Task Sequence without any issues.

Microsoft is aware of the issue, but hopefully this process helps out until it gets fixed.

Originally posted on

How to create a Power BI New Measure

I was recently working on a new Secure Boot State Power BI report and I wanted to use the native view from the ConfigMgr database that was created for the Secure Boot State hardware inventory extension (see Inventory Secure Boot State and UEFI with ConfigMgr). The value that gets returned is 0, 1 or null depending on how the hardware is configured. 0 means that Secure Boot is Off, 1 means it is On and null means that it is not reported and the system is probably running BIOS.

Those labels look much better than 0, 1 or nothing, so I wanted an easy way to modify the Power BI report without creating a custom query (which is also possible). Fortunately, Power BI has the ability to add a New Measure. For my New Measure, I selected New Column (New Measure is the other option). I gave my New Column the name “Secure Boot State”. The next thing was to translate the UEFISecureBootEnabled0 field into “On”, “Off”, or “BIOS”. Using the IF function, this was possible:

Secure Boot State = IF (ISBLANK(v_GS_UEFI_SecureBootState0[UEFISecureBootEnabled0]),”BIOS”, (IF (v_GS_UEFI_SecureBootState0[UEFISecureBootEnabled0]=1,”On”, (IF (v_GS_UEFI_SecureBootState0[UEFISecureBootEnabled0]=0,”Off”)))))

Now you can see that I have a new column and my source data set remains un-touched:

01 Power BI New Measure

This will be useful in creating my Power BI report for Secure Boot State.

Originally posted on

PXE Booting in the Real World

At the Midwest Management Summit today in the 7 AM OSD Birds of a Feather session, there was a lot of discussion around troubleshooting PXE booting issues. A reference was made to a session that Troy Martin and I gave at the 2014 Midwest Management Summit called PXE Booting in the Real World. Troy put together some nice SQL queries that help with the troubleshooting process:


/* Get list of devices and their Last PXE boot for (a) required deployments */
SELECT * FROM [CM_PS1].[dbo].[LastPXEAdvertisement] order by MAC_Addresses
/* Get item key for unknown records */
select * [CM_PS1].[dbo].[UnknownSystem_DISC]
/* Is device known and a valid client on the site */
Use CM_PS1
exec NBS_LookupPXEDevice N'45A74041-2F02-4A5E-B413-CD35DDE47123',N'1E:1E:1E:1E:1E:B1'
exec NBS_LookupPXEDevice N'2DCFD0F8-9134-44A3-84BB-0BFC114ADD87',N'1E:1E:1E:1E:1E:B2'
/* Get list of deployments for device */
Use CM_PS1
exec NBS_GetPXEBootAction N'16777278',N'2046820352',N'45A74041-2F02-4A5E-B413-CD35DDE47123',N'1E:1E:1E:1E:1E:B1',N''
exec NBS_GetPXEBootAction N'16777279',N'2046820353',N'2DCFD0F8-9134-44A3-84BB-0BFC114ADD87',N'1E:1E:1E:1E:1E:B2',N''

Here is a link to the slide deck that contains more information and a bunch of useful references.

Originally posted on

Configuration Manager and OSD with a side of PowerShell

Greg's Systems Management Blog

Enterprise Systems Management - the good, bad, and ugly

Coretech Blog

Configuration Manager and OSD with a side of PowerShell

Chris Nackers Blog

Just another site

Steve Thompson [MVP]

The automation specialist