PatchSolution is now available via CodePlex

I am so pleased to announce that thanks to the amazing work of Allan Rafuse we have released “PatchSolution” We have decided to make to this available for how much… Guess it…. $$$$ … Free!! Why you ask? Well it’s because we love the community and feel that this type of solution should be available to everyone. This is the same solution that I recently demoed in my session during the MVP Virtual Conference.     Here is a little write up on just what the solution can do for you!   Project Description Patching is a problem or that topic that most people don’t want to talk about. There are many great solutions to managing patches, but the problem is defining when computers can actually install these approved patches. This is where the Patch Solution comes in. Overview The idea behind the patch solution is to apply approved patches to a computer at a specific time. Some computers may be part of a QA/Test environment and some may be part of a Production environment. Using the same solution and by modifying the XML configuration file, the solution can tell each type of computer when it’s allowed to patch. As these scripts use free tools, and in order to help companies and individuals environments keep their environments more secure, this solution is also free. Features Uses free tools Automated...

Read More

Building Tiered Jobs with Veeam using PowerShell

As part of a new White Paper that I am putting together for Veeam I have written a cool PowerShell Script to help build tiered jobs using Veeam Backup and Replication. The purpose of this script was to help automate three tiers of jobs: Platinum Gold Silver   The job settings are built using template jobs that can quickly be created in the Veeam Backup and Replication Console.   Here is a sneak peek of the script in action.         When I started this project I was only going to build tiered Backup Jobs. As such the script has evolved into much more.   It can now do the following:   Job Creation based on VM Name Platinum-<VMNAME> Gold-<VMNAME> Silver-<VMNAME> Three tier Backup Jobs Three tier Replica Jobs Three tier Backup Copy Jobs Virtual Lab Creation Sure Backup Job Creation Master Delete options to wipe and start over in your lab   Here are some examples of how to use the script: .\Create_All_VeeamBackup_Jobs.ps1 –PlatinumJobs –GoldJobs –SilverJobs .\Create_All_VeeamBackup_Jobs.ps1 –PlatinumBackupCopyJobs –GoldBackupCopyJobs –SilverBackupCopyJobs .\Create_All_VeeamBackup_Jobs.ps1 –PlatinumSureBackupJobs .\Create_All_VeeamBackup_Jobs.ps1 –PlatinumReplicaJobs –GoldReplicaJobs –SilverReplicaJobs   Below gives you an idea as to the amount of work that has gone into creating this. Over 1200 lines of custom code.     Here is the best part as I love to give back to the community. Feel free to check out the script below.  ...

Read More

Take Your Microsoft Certification Exams from Home – Now in Canada

  Yes it is official everyone!! I received an email from Microsoft Certification earlier today. In Canada from your Home!   You can now write Microsoft Certification Exams from the comfort of your own home or office! This is amazing news way to go Microsoft!   Below is the email that I received from them today!   Online proctored exam delivery (beta) is now available in your country: take your next Microsoft Certification exam online, nearly anywhere! Introducing a convenient way to take Microsoft Certification exams at the time and place that’s most convenient for you. Online Proctoring, offered by Pearson VUE, lets you choose the time and place to take any Microsoft Certified Professional (MCP) or Microsoft Technology Associate (MTA) exam. Using a webcam and your personal computer, you can take your exams at home, work or just about anywhere you have internet access. How it Works Ensure your environment and system meet the requirements for online proctored delivery. You can take online proctored exams at home, at work, or at any other location that meets security and environment requirements. Review the hardware, software, and protocol requirements located here. If you ensure that these requirements are met before you check in for your exam, the check-in process should only take about ten minutes. Register for an online proctored exam. Choose an MCP or MTA exam (click here for...

Read More

Microsoft to Open Azure Data Center in Canada in 2016

This is huge news everyone!! Microsoft will open it’s first Canadian Data Centers in Toronto and Quebec city in 2016. Here is a little snippet from their press release: Press Release From Microsoft: MICROSOFT CLOUD TO TOUCH DOWN IN CANADA Locally deployed Azure, Office 365 and Dynamics CRM Online will help power Canadian business Toronto, June 2, 2015 – Microsoft today announced plans to deliver commercial cloud services from Canada. Azure, Office 365 and Dynamics CRM Online will be delivered from Toronto and Quebec City in 2016, further strengthening Microsoft’s footprint in Canada’s competitive cloud landscape. “Soon, the Microsoft Cloud will be truly Canadian,” said Kevin Turner, Worldwide Chief Operating Officer, Microsoft, who travelled to Toronto to make the announcement. “This substantial investment in a Canadian cloud demonstrates how committed we are to bringing even more opportunity to Canadian businesses and government organizations, helping them fully realize the cost savings and flexibility of the cloud,” said Turner. According to IDC, total public cloud spend in Canada is projected to grow to $2.5B by next year. The fastest growth will be from Public cloud infrastructure with a strong 45 per cent increase by 2016. These new locally deployed services will address data residency considerations for Microsoft customers and partners of all shapes and sizes who are embracing cloud computing to transform their businesses, better manage variable workloads and deliver new...

Read More

MVP Virtual Conference 2015 Sessions are now online

Great news everyone you can view all of the sessions for the amazing MVP’s that presented at the MVP Virtual Conference in May 2015. Click the link below to view any / all of them.

Read More

MVPDays 2015 is coming back to Western Canada

I am so pleased to announce the MVP Days will be coming back to Western Canada this year. We are going to be visiting the following cities: Vancouver – September 21, 2015 Calgary – September 23, 2015 Edmonton – September 25, 2015 You can Register at using promo code EarlyBird15 to get in free before the end of June 2015. You can follow up at   This year we have launched a new mini-app and mini-event site for each city which should be fun.   Also don’t forget to follow us on twitter at #CDNMVPDAYS Thanks,   Dave...

Read More

MVPDays 2014 Sessions are now Online

Great news everyone the sessions from MVPDays 2014 are online and available.     Don’t forget to register for this year’s roadshow at   We also have a Facebook Fan site at   Thanks for your support everyone!   Dave...

Read More

25 Steps that will save your bacon when migrating from Windows 2003 to 2012 R2

Are you still struggling to get rid of your existing Windows 2003 Servers? Did you forget that July14, 2015 is the END? For more information you can go to:     Here is what we have been doing with our customers at a high level to fast track them off of their aging infrastructure. Follow these 25 steps and you will be able to migrate from Windows 2003 like a champ! Let’s take a Server that is running Windows 2003 and is a Domain Controller, DHCP, DNS, and some File Services. Build a new Windows 2012 R2 Server (Make sure you fully patch it) Join it to the Domain Install the AD, DHCP, DNS, and File Services (Including De-Duplication) Roles. Logon to the Existing Windows 2003 Domain Controller and stop the DHCP Server Service. Copy the DHCP Database from the from Windows 2003 (%windir%\system32\dhcp\dhcp.mdb) to the new Windows 2012 R2 Server (c:\Export\DHCP\dhcp.mdb) Make sure you only grab the DHCP Database and not the associated log files. Note: This will take all of the associated Scopes from the old server to the new one. It is a complete cutover. If you need to take individual scopes you should use netsh or the Server Migration Toolkit. Export the DNS Configuration for all of the Standard Primary and Secondary Zones (Forward and Reverse). To do this export the DNS Registry keys...

Read More

Microsoft Intune Step by Step for Small Businesses with Office365

Many organizations today struggle with securing the plethora of devices that are used for business purposes, regardless of their size. Even users that have company-provided computers and phones will often still use their personal devices to some degree. For small businesses, many of whom have no computer/device management, this presents a problem in protecting company-sensitive data without a cost-effective solution. For organizations that use Office365, Microsoft Intune can be easily added with little effort. Its user-subscription model follows the same process as adding Office365 e-mail accounts, using the familiar Microsoft Online interface. NOTE: This guide is for small businesses that DO NOT use System Center 2012 Configuration Manager. The process for integrating Intune with Configuration Manager is different, which will be discussed in a later post. Step 1: Microsoft Intune has a full featured trial for up to 100 users, which is perfect for small businesses. The first thing we need to do is create an Intune account. Go to and click the Try Now button on the top right, click Sign In and use the same UserID that was used to create the Office365 account, then click Try Now on the confirmation page. Step 2: After the account has been created, you will be brought to the Dashboard of the organization’s Microsoft Intune portal. On the dashboard you will see a rather large banner, suggesting that you...

Read More

Register for the MVP Virtual Conference Today

Register to attend the Microsoft MVP Virtual Conference     I wanted to let you know about a great free event that Microsoft and the MVPs are putting on, May 14th & 15th.  Join Microsoft MVPs from the Americas’ region as they share their knowledge and real-world expertise during a free event, the MVP Virtual Conference.   The MVP Virtual Conference will showcase 95 sessions of content for IT Pros, Developers and Consumer experts designed to help you navigate life in a mobile-first, cloud-first world.  Microsoft’s Corporate Vice President of Developer Platform, Steve Guggenheimer, will be on hand to deliver the opening Key Note Address.   Why attend MVP V-Conf? The conference will have 5 tracks, IT Pro English, Dev English, Consumer English, Portuguese mixed sessions & Spanish mixed sessions, there is something for everyone! Learn from the best and brightest MVPs in the tech world today and develop some great skills!   Be sure to register quickly to hold your spot and tell your friends & colleagues.   The conference will be widely covered on social media, you can join the conversation by following @MVPAward and using the hashtag #MVPvConf.   Register now and feel the power of community!...

Read More

Setting up Azure AD Connect Public Preview

QUICKPOST…. Hey there I wanted to write up a quick note on a new way to connect your on premise Active Directory to Windows Azure. It is called Azure AD Connect and can be is now available for download.   Basically you can now connect your On-Premise Active Directory to Azure in less than an hour. This is a big change from the previous configurations that required AD Federation components and some experience with the services to get them up and running.     To install you simply download the installer from the connect preview site and run it on a Server in your environment. For my example I have chosen to install this directly on one of my Domain Controllers named TCCALDC10. Locate the Installer and run AzureADCConnnect.msi Accept the EULA and click Continue Click Install to install the required Pre-Reqs Configured the SQL Server Name, Service Account and Default Groups Now I had already previously created an Azure AD Account. I simply used this to connect. This account needs to be in the Global Administrator Role Click on Use express settings to continue the setup Now enter a Service Account that will have Enterprise Administrator rights in Active Directory and click Next Last step click Install to complete the installation And there you have it… I tested in Azure AD and my accounts are now there....

Read More

Taking Hydration to the Next Level – Part 4 – ViaMonstra SCCM Post Configuration

During the process of building the outline for our book Advanced Windows Deployments using 1E Software Emile and myself decided that it was really important to emulate a production environment. Most of the scenarios we had seen were simple configurations using a bare ConfigMgr environment. As such I decided to spend the time to write a proper ConfigMgr hydration script that would build all the necessary Packages, Programs, Collections, Deployments and settings required to follow along with our book. This was no small task as it took a little over 4 months of testing and development to figure out...

Read More

Taking Hydration to the Next Level – Part 3 – ViaMonstra SCCM Post Configuration

This is the last video that will cover the ViaMonstra Post Configuration tasks required to get the Hydrated environment working. In this video we will focus on creating the required Firewall Exclusion Group Policies, enable the Client Push Account and give our ConfigMgr Client Push Account local admin rights on each workstation in ViaMonstra. I hope you enjoy the video and as always we welcome your feedback and comments. Thanks, Dave   Check out our book on Amazon    ...

Read More

Taking Hydration to the Next Level

For a number of years now, Johan Arwidmark has been publishing Hydration Kits from his site. Hydration is the process of automating the build of an environment, either lab or production.  This is important because it provides a consistent implementation process that eliminates the possibility of misconfiguration, and quickly speeds up the creation of components that are often prerequisites to the solution you are testing. While writing our Advanced Windows Deployments book, we created some scripts that further extend Hydration.  Today we will show you the first one of these, which we run on the Hyper-V host to...

Read More

Installing System Center Configuration Manager 2012R2 Cumulative Update 4 Step by Step

The first step to install Cumulative Update 4 is to download the actual CU4 update binaries, which can be acquired by going to and clicking on the Hotfix Download Available link, selecting the appropriate file (there’s only one) and providing your e-mail address. You will shortly receive an automated message from with the download link for a self-extracting executable. Save it to your machine and double-click 482009_ENU_x64_zip.exe to extract CM12-R2CU4-KB3026739-X64-ENU.exe to your Downloads folder, which is the one that we will need to copy to our Configuration Manager Site Server. As with all updates for Configuration Manager, these should be applied in a top-down fashion. If you’re in a really large organization that has a CAS server, the change needs to be applied there first. If not, we will copy it right to the Primary Site Server. We now need to log onto the Primary itself, and ensure that the console is closed. Before proceeding, ensure a Checkpoint is taken of the VM. This will allow us to revert the CU4 install and remediate any issues for a clean installation. Next, navigate to the location where CM12-R2CU4-KB3026739-X64-ENU.exe was copied and double click to launch the wizard.   Click Next, accept the License Terms and click Next again to bring you to the perquisite page. Address any warnings or errors here (a reboot is often required), and proceed...

Read More

System Center Configuration Manager 2012R2 Cumulative Update 4 PowerShell Fixes and Additions

Cumulative Update 4 for System Center 2012 R2 Configuration Manager included many additions and changes to the PowerShell cmdlets that are used to manage the environment.  Here is a list of all the additions, fixes, and changes to cmdlets used for CM12R2. The following issues with PowerShell CM12 cmdlets have been resolved with CU4: – Add-CMDeploymentType When a deployment type is used that imports its information (such as AppV), the DeploymentTypeName parameter is ignored. The WindowsPhoneStoreInstaller parameter creates incorrect deployment types. This is a regression from Cumulative Update 1. Invalid locations can be specified incorrectly for the following deployment types: Windows Phone Store Google Play Store Apple Store You can configure the following as DownloadContentAsStreaming: MSI deployment Windows .appx type OnSlowNetworkMode values –  Add-CMDeviceAffinityToUser User-device affinity for nonprimary users cannot be set on devices. For example, such users can be users who are discovered through Active Directory. –  Add-CMDistributionPoint An expired CertificateExpirationTimeUtc can be specified. –  Add-CMFallbackStatusPoint StateMessageNum values are not validated against the acceptable range (100 to 100,000). –  Export-CMPackage Incorrect errors are reported when ExportFilePath is in an unexpected format. –  Get-CMSoftwareUpdate The Id parameter that allows for querying for software updates by ID value is missing. –  Get-CMStatusFilterRule No results are returned if the Name parameter is not specified. Get-CMUser Inconsistent object types are returned (SMS_CombinedUserResources or SMS_Collection-based object), depending on input parameters. This is a regression from the release version of System Center 2012 R2 Configuration Manager. See Get-CMUser notes in the...

Read More

System Center Configuration Manager 2012R2 Cumulative Update 4 Released!

Cumulative Update 4 for SCCM 2012 R2 was release by Microsoft on January 29, 2015. Along with issues fixed by the previous Cumulative Updates, CU4 provides support for App-V 5.0SP2 and specifically addresses the following: Software distribution – After a Configuration Manager 2007 distribution point is upgraded and assigned to a Configuration Manager 2012 secondary site, packages are listed as Unknown in the Content Status node of the Administrator Console. – Internet-based clients cannot download content from an Internet-facing distribution point after first they first encounter a failure to reach Windows Update. – Applications that use dynamic variable lists are not installed in System Center 2012 Configuration Manager – Adding or deleting a deployment to a software update group results in policy evaluation for all deployments within the group instead of the deployment that changed. Operating system deployment – The wrong software update for an operating system image may be selected the list of items that are returned in the Schedule Updates Wizard is sorted. – Task sequences that contain Windows 8.1 as a condition on the Options tab generate an exception when they are changed or accessed. – Child sites will not process the content for a task sequence that was changed after migration from another site. Note: This fix applies only to task sequences that are not yet migrated. Task sequences that were migrated before you applied CU4 should be deleted and then migrated...

Read More

Top Level Limiting Collections for Configuration Manager 2012

Having been through quite a few CM07 to CM12 migrations over the past few years, one of the things that I have seen heavily used in previous versions is nested collections, which had a similar functionality in SCCM as nested groups in Active Directory. However, this option has been removed with CM12, leaving administrators to re-think their collection hierarchy practices. Proper folder management is a large part of that, especially in larger organizations, but top level collections are still just as important, if not more, in the new version of Configuration Manager. The main reason for this is that we use these top level collections to limit the memberships of the operational collections that we (and our support staff) use on a daily basis. We group machines together in large criteria to limit deployments, reports, as well as implement security access for those that use Configuration Manager. When creating collections in Configuration Manager 2012, and when viewing the Membership Rules tab afterwards, there is an option to Use incremental updates for this collection. I strongly caution on the use of this button, as enabling it on more than a hundred collections can create drastic performance issues in your environment. As a general rule, I will use incremental updates for my top level collections only. Here are a few of the top level collections that I like to implement for...

Read More

Dynamic Server Collections for Managed Endpoint Protection in Configuration Manager 2012

One of the reasons why I really like System Center Endpoint Protection is its ease of management. This goes double when we’re using it to manage servers, as we get to leverage all the stuff that Configuration Manager has in its database to target policies. By targeting Antimalware Policies to collections that are based upon dynamic variables, we create an easy to manage environment that automates the provisioning of exclusion and scan policies for new and existing servers. In this post I’m not going to get into the process of creating the exclusion policies. Microsoft has included templates for most of their stuff, which is what we’ll focus on today. What I will show, however, is the collections that we’re going to create and the order of the policies that will be applied. To keep things clean and manageable, I like to keep my Endpoint Protection and Firewall collections together, so in the Assets and Compliance workspace we’ll create a folder called Managed Servers under the Device Collections Node. The first collection we’ll created is for DCs, called Managed Servers – Domain Controller. Configure a Query Rule with the following statement: select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.DomainRole >= 4   Next is Managed Servers – DNS with a Query Rule to check for the service: select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_SERVICE...

Read More

Patching Images in Configuration Manager 2012 to Reduce Deployment Time

In my previous post, we went through the process of using Automatic Deployment Rules to create a fully automated patching process, complete with a pilot period, ideal for SMB customers. We’re now going to take those same patches and apply them to our Gold Image. This will reduce deployment times and frequency of Gold Image rebuilds, while maintaining a high initial patch level for newly deployed operating systems. Note that in order for the following process to work, you have to have Software Updates configured in your environment, and have used it to patch workstations with a similar OS as the image we wish to service. It will also only work with Microsoft updates, and even those have to be Component Based Servicing updates, so not everything is able to be added with this method. To patch our Gold Image, we need to expand the Operating Systems node in the Software Library and click on Operating System Images, then selecting our Gold Image. From the Ribbon, we’re going to click on the Schedule Updates button. I haven’t patched my Windows 8.1 image yet, so there’s quite a few in the screenshot.   Next, Next, Finish through the rest of the pages, and the servicing process begins. We’ll monitor the process from the OfflineServicingMgr.log file. As we can see, it’s ultimately just using DISM to mount the WIM and inject...

Read More

MVPDays Session – Advanced Windows Deployments

This was a session that I did in Vancouver in September 2014 at MVPDays Session – Advanced Windows Deployments Presenters – Dave Kawula MVP / Emile Cabot You asked for a real world scenario for Advanced Windows Deployments and that is what we have created.   This book is based on Dave/Emile’s new book called Advanced Windows Deployments (On the shelf in early October). You will learn how to trim down SCCM Infrastructure to a Single Server and deploy Windows to branch locations without shipping a single USB Stick or piece of hardware.   Central Management is a key focus of...

Read More

MVPDays Session – Best Practices for Virtualizing and Managing SharePoint with System Center and Hyper-V

This was a session that I did in Vancouver in September 2014 at MVPDays. Session – Best Practices for Virtualizing and Managing SharePoint with System Center 2012 R2 and Hyper-V Presenters – Dave Kawula MVP / Marcos Nogueira MVP SharePoint 2013 is now a company standard, but what is supported, sensible, or even practicable? How do we go about monitoring and managing SharePoint? In this session, we discuss the virtualization path and best practices using Hyper-V for high availability and why virtualization makes sense. With the foundations in place we take a deep dive on how we can monitor...

Read More

Translate our Blog

Subscribe to our Blog


Microsoft MVP

Cisco Champion


Veeam Vanguard

Follow me on Twitter

Follow @SuperCristal1 on Twitter