MVPDays 2014 Sessions are now Online

Great news everyone the sessions from MVPDays 2014 are online and available.     Don’t forget to register for this year’s roadshow at   We also have a Facebook Fan site at   Thanks for your support everyone!  ...

25 Steps that will save your bacon when migrating from Windows 2003 to 2012 R2

Are you still struggling to get rid of your existing Windows 2003 Servers? Did you forget that July 14, 2015 is the END? For more information you can go to:

Here is what we have been doing with our customers at a high level to fast track them off of their aging infrastructure. Follow these 25 steps and you will be able to migrate from Windows 2003 like a champ! Let’s take a Server that is running Windows 2003 and is a Domain Controller, DHCP, DNS, and some File Services.

Build a new Windows 2012 R2 Server (make sure you fully patch it). Join it to the Domain. Install the AD, DHCP, DNS, and File Services (including De-Duplication) Roles. Log on to the existing Windows 2003 Domain Controller and stop the DHCP Server Service. Copy the DHCP Database from Windows 2003 (%windir%\system32\dhcp\dhcp.mdb) to the new Windows 2012 R2 Server (c:\Export\DHCP\dhcp.mdb). Make sure you only grab the DHCP Database and not the associated log files. Note: This will take all of the associated Scopes from the old server to the new one. It is a complete cutover. If you need to take individual scopes you should use netsh or the Server Migration Toolkit. Export the DNS Configuration for all of the Standard Primary and Secondary Zones (Forward and Reverse). To do this export the DNS Registry keys...

Microsoft Intune Step by Step for Small Businesses with Office365

Many organizations today struggle with securing the plethora of devices that are used for business purposes, regardless of their size. Even users that have company-provided computers and phones will often still use their personal devices to some degree. For small businesses, many of whom have no computer/device management, this presents a problem in protecting company-sensitive data without a cost-effective solution. For organizations that use Office365, Microsoft Intune can be easily added with little effort. Its user-subscription model follows the same process as adding Office365 e-mail accounts, using the familiar Microsoft Online interface. NOTE: This guide is for small businesses that DO NOT use System Center 2012 Configuration Manager. The process for integrating Intune with Configuration Manager is different, which will be discussed in a later post. Step 1: Microsoft Intune has a full featured trial for up to 100 users, which is perfect for small businesses. The first thing we need to do is create an Intune account. Go to and click the Try Now button on the top right, click Sign In and use the same UserID that was used to create the Office365 account, then click Try Now on the confirmation page. Step 2: After the account has been created, you will be brought to the Dashboard of the organization’s Microsoft Intune portal. On the dashboard you will see a rather large banner, suggesting that you...

Register for the MVP Virtual Conference Today

Register to attend the Microsoft MVP Virtual Conference     I wanted to let you know about a great free event that Microsoft and the MVPs are putting on, May 14th & 15th.  Join Microsoft MVPs from the Americas’ region as they share their knowledge and real-world expertise during a free event, the MVP Virtual Conference.   The MVP Virtual Conference will showcase 95 sessions of content for IT Pros, Developers and Consumer experts designed to help you navigate life in a mobile-first, cloud-first world.  Microsoft’s Corporate Vice President of Developer Platform, Steve Guggenheimer, will be on hand to deliver the opening Key Note Address.   Why attend MVP V-Conf? The conference will have 5 tracks, IT Pro English, Dev English, Consumer English, Portuguese mixed sessions & Spanish mixed sessions, there is something for everyone! Learn from the best and brightest MVPs in the tech world today and develop some great skills!   Be sure to register quickly to hold your spot and tell your friends & colleagues.   The conference will be widely covered on social media, you can join the conversation by following @MVPAward and using the hashtag #MVPvConf.   Register now and feel the power of...

Setting up Azure AD Connect Public Preview

QUICKPOST…. Hey there, I wanted to write up a quick note on a new way to connect your on premise Active Directory to Windows Azure. It is called Azure AD Connect and is now available for download. Basically you can now connect your On-Premise Active Directory to Azure in less than an hour. This is a big change from the previous configurations that required AD Federation components and some experience with the services to get them up and running.

To install you simply download the installer from the connect preview site and run it on a Server in your environment. For my example I have chosen to install this directly on one of my Domain Controllers named TCCALDC10. Locate the Installer and run AzureADCConnnect.msi. Accept the EULA and click Continue. Click Install to install the required Pre-Reqs. Configure the SQL Server Name, Service Account and Default Groups. Now I had already previously created an Azure AD Account. I simply used this to connect. This account needs to be in the Global Administrator Role. Click on Use express settings to continue the setup. Now enter a Service Account that will have Enterprise Administrator rights in Active Directory and click Next. Last step: click Install to complete the installation. And there you have it… I tested in Azure AD and my accounts are now there....

Taking Hydration to the Next Level – Part 4 – ViaMonstra SCCM Post Configuration

During the process of building the outline for our book Advanced Windows Deployments using 1E Software, Emile and I decided that it was really important to emulate a production environment. Most of the scenarios we had seen were simple configurations using a bare ConfigMgr environment. As such I decided to spend the time to write a proper ConfigMgr hydration script that would build all the necessary Packages, Programs, Collections, Deployments and settings required to follow along with our book. This was no small task as it took a little over 4 months of testing and development to figure out...

Taking Hydration to the Next Level – Part 3 – ViaMonstra SCCM Post Configuration

This is the last video that will cover the ViaMonstra Post Configuration tasks required to get the Hydrated environment working. In this video we will focus on creating the required Firewall Exclusion Group Policies, enable the Client Push Account and give our ConfigMgr Client Push Account local admin rights on each workstation in ViaMonstra. I hope you enjoy the video and as always we welcome your feedback and comments. Thanks, Dave   Check out our book on Amazon  ...

Taking Hydration to the Next Level

For a number of years now, Johan Arwidmark has been publishing Hydration Kits from his site. Hydration is the process of automating the build of an environment, either lab or production.  This is important because it provides a consistent implementation process that eliminates the possibility of misconfiguration, and quickly speeds up the creation of components that are often prerequisites to the solution you are testing. While writing our Advanced Windows Deployments book, we created some scripts that further extend Hydration.  Today we will show you the first one of these, which we run on the Hyper-V host to...

Installing System Center Configuration Manager 2012R2 Cumulative Update 4 Step by Step

The first step to install Cumulative Update 4 is to download the actual CU4 update binaries, which can be acquired by going to and clicking on the Hotfix Download Available link, selecting the appropriate file (there’s only one) and providing your e-mail address. You will shortly receive an automated message from with the download link for a self-extracting executable. Save it to your machine and double-click 482009_ENU_x64_zip.exe to extract CM12-R2CU4-KB3026739-X64-ENU.exe to your Downloads folder, which is the one that we will need to copy to our Configuration Manager Site Server. As with all updates for Configuration Manager, these should be applied in a top-down fashion. If you’re in a really large organization that has a CAS server, the change needs to be applied there first. If not, we will copy it right to the Primary Site Server. We now need to log onto the Primary itself, and ensure that the console is closed. Before proceeding, ensure a Checkpoint is taken of the VM. This will allow us to revert the CU4 install and remediate any issues for a clean installation. Next, navigate to the location where CM12-R2CU4-KB3026739-X64-ENU.exe was copied and double click to launch the wizard. Click Next, accept the License Terms and click Next again to bring you to the prerequisite page. Address any warnings or errors here (a reboot is often required), and proceed...

System Center Configuration Manager 2012R2 Cumulative Update 4 PowerShell Fixes and Additions

Cumulative Update 4 for System Center 2012 R2 Configuration Manager included many additions and changes to the PowerShell cmdlets that are used to manage the environment. Here is a list of all the additions, fixes, and changes to cmdlets used for CM12R2.

The following issues with PowerShell CM12 cmdlets have been resolved with CU4:

– Add-CMDeploymentType: When a deployment type is used that imports its information (such as AppV), the DeploymentTypeName parameter is ignored. The WindowsPhoneStoreInstaller parameter creates incorrect deployment types. This is a regression from Cumulative Update 1. Invalid locations can be specified incorrectly for the following deployment types: Windows Phone Store, Google Play Store, Apple Store. You can configure the following as DownloadContentAsStreaming: MSI deployment Windows .appx type OnSlowNetworkMode values
– Add-CMDeviceAffinityToUser: User-device affinity for nonprimary users cannot be set on devices. For example, such users can be users who are discovered through Active Directory.
– Add-CMDistributionPoint: An expired CertificateExpirationTimeUtc can be specified.
– Add-CMFallbackStatusPoint: StateMessageNum values are not validated against the acceptable range (100 to 100,000).
– Export-CMPackage: Incorrect errors are reported when ExportFilePath is in an unexpected format.
– Get-CMSoftwareUpdate: The Id parameter that allows for querying for software updates by ID value is missing.
– Get-CMStatusFilterRule: No results are returned if the Name parameter is not specified.
– Get-CMUser: Inconsistent object types are returned (SMS_CombinedUserResources or SMS_Collection-based object), depending on input parameters. This is a regression from the release version of System Center 2012 R2 Configuration Manager. See Get-CMUser notes in the...

System Center Configuration Manager 2012R2 Cumulative Update 4 Released!

Cumulative Update 4 for SCCM 2012 R2 was released by Microsoft on January 29, 2015. Along with issues fixed by the previous Cumulative Updates, CU4 provides support for App-V 5.0SP2 and specifically addresses the following:

Software distribution
– After a Configuration Manager 2007 distribution point is upgraded and assigned to a Configuration Manager 2012 secondary site, packages are listed as Unknown in the Content Status node of the Administrator Console.
– Internet-based clients cannot download content from an Internet-facing distribution point after they first encounter a failure to reach Windows Update.
– Applications that use dynamic variable lists are not installed in System Center 2012 Configuration Manager
– Adding or deleting a deployment to a software update group results in policy evaluation for all deployments within the group instead of the deployment that changed.

Operating system deployment
– The wrong software update for an operating system image may be selected if the list of items that are returned in the Schedule Updates Wizard is sorted.
– Task sequences that contain Windows 8.1 as a condition on the Options tab generate an exception when they are changed or accessed.
– Child sites will not process the content for a task sequence that was changed after migration from another site. Note: This fix applies only to task sequences that are not yet migrated. Task sequences that were migrated before you applied CU4 should be deleted and then migrated...

Top Level Limiting Collections for Configuration Manager 2012

Having been through quite a few CM07 to CM12 migrations over the past few years, one of the things that I have seen heavily used in previous versions is nested collections, which had a similar functionality in SCCM as nested groups in Active Directory. However, this option has been removed with CM12, leaving administrators to re-think their collection hierarchy practices. Proper folder management is a large part of that, especially in larger organizations, but top level collections are still just as important, if not more, in the new version of Configuration Manager. The main reason for this is that we use these top level collections to limit the memberships of the operational collections that we (and our support staff) use on a daily basis. We group machines together in large criteria to limit deployments, reports, as well as implement security access for those that use Configuration Manager. When creating collections in Configuration Manager 2012, and when viewing the Membership Rules tab afterwards, there is an option to Use incremental updates for this collection. I strongly caution on the use of this button, as enabling it on more than a hundred collections can create drastic performance issues in your environment. As a general rule, I will use incremental updates for my top level collections only. Here are a few of the top level collections that I like to implement for...

Dynamic Server Collections for Managed Endpoint Protection in Configuration Manager 2012

One of the reasons why I really like System Center Endpoint Protection is its ease of management. This goes double when we’re using it to manage servers, as we get to leverage all the stuff that Configuration Manager has in its database to target policies. By targeting Antimalware Policies to collections that are based upon dynamic variables, we create an easy to manage environment that automates the provisioning of exclusion and scan policies for new and existing servers. In this post I’m not going to get into the process of creating the exclusion policies. Microsoft has included templates for most of their stuff, which is what we’ll focus on today. What I will show, however, is the collections that we’re going to create and the order of the policies that will be applied. To keep things clean and manageable, I like to keep my Endpoint Protection and Firewall collections together, so in the Assets and Compliance workspace we’ll create a folder called Managed Servers under the Device Collections Node.

The first collection we’ll create is for DCs, called Managed Servers – Domain Controller. Configure a Query Rule with the following statement:

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.DomainRole >= 4

Next is Managed Servers – DNS with a Query Rule to check for the service:

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_SERVICE...

Patching Images in Configuration Manager 2012 to Reduce Deployment Time

In my previous post, we went through the process of using Automatic Deployment Rules to create a fully automated patching process, complete with a pilot period, ideal for SMB customers. We’re now going to take those same patches and apply them to our Gold Image. This will reduce deployment times and frequency of Gold Image rebuilds, while maintaining a high initial patch level for newly deployed operating systems. Note that in order for the following process to work, you have to have Software Updates configured in your environment, and have used it to patch workstations with a similar OS as the image we wish to service. It will also only work with Microsoft updates, and even those have to be Component Based Servicing updates, so not everything is able to be added with this method. To patch our Gold Image, we need to expand the Operating Systems node in the Software Library and click on Operating System Images, then select our Gold Image. From the Ribbon, we’re going to click on the Schedule Updates button. I haven’t patched my Windows 8.1 image yet, so there are quite a few in the screenshot. Next, Next, Finish through the rest of the pages, and the servicing process begins. We’ll monitor the process from the OfflineServicingMgr.log file. As we can see, it’s ultimately just using DISM to mount the WIM and inject...

MVPDays Session – Advanced Windows Deployments

This was a session that I did in Vancouver in September 2014 at MVPDays. Session – Advanced Windows Deployments. Presenters – Dave Kawula MVP / Emile Cabot. You asked for a real world scenario for Advanced Windows Deployments and that is what we have created. This book is based on Dave/Emile’s new book called Advanced Windows Deployments (On the shelf in early October). You will learn how to trim down SCCM Infrastructure to a Single Server and deploy Windows to branch locations without shipping a single USB Stick or piece of hardware. Central Management is a key focus of...

MVPDays Session – Best Practices for Virtualizing and Managing SharePoint with System Center and Hyper-V

This was a session that I did in Vancouver in September 2014 at MVPDays. Session – Best Practices for Virtualizing and Managing SharePoint with System Center 2012 R2 and Hyper-V Presenters – Dave Kawula MVP / Marcos Nogueira MVP SharePoint 2013 is now a company standard, but what is supported, sensible, or even practicable? How do we go about monitoring and managing SharePoint? In this session, we discuss the virtualization path and best practices using Hyper-V for high availability and why virtualization makes sense. With the foundations in place we take a deep dive on how we can monitor...

MVPDays Session – Designing Hyper-V the Right Way – Building a Cluster in < 20 Minutes

This was a session that I did in Vancouver in September of 2014 at MVPDays.   Session – Designing Hyper-V the Right Way – Building a Hyper-V Cluster in Less than 20 Minutes Presenters -Dave Kawula – MVP / Marcos Nogueira – MVP Have you struggled to find the right architecture for your Hyper-V infrastructure? What is the best storage, networking and backup strategy? There are plenty of ways to design Hyper-V incorrectly, but finding the right way isn’t so easy. Get expert insight with Hyper-V MVP Dave Kawula in this session to learn: · Hyper-V cluster design tips...

Windows 2003 End of Life (EOL) – Here comes trouble – Our First Windows 2012 R2 Domain Controller (Watch your Hotfixes)

Well we finally got the green light at one of my customers to upgrade them to Windows 2012 R2 Active Directory. We went through all of our due diligence and planned out the project accordingly. We took a phased approach when we would take the following high level steps to complete our Migration:   Create a new Conceptual Design for Active Directory 2012 R2 – Done! Create a new Detailed Design for Active Directory 2012 R2 – Done! Create a test plan to ensure we could validate everything before moving to production – Not Done! Customer didn’t have a...

Routing Mod for Johan’s Hydration Kit

I wanted to show a really cool routing modification that I have built for Johan’s Hydration Kit. His kit can be downloaded from and is widely used by ConfigMgr professionals all over the world. One of the challenges I face with these labs is that they don’t really emulate production networks (MPLS, Internet, etc). So I have written a very cool little script that takes one of the machines that is built during hydration and turns it into a Router / Firewall using RRAS on Windows 2012 R2. This is version # 1 of my script and I will...

OSDWeek with Johan Arwidmark and Dave Kawula

There are two main technical factors with implementing a new Operating System across your enterprise: Ensuring you have an infrastructure that can support the migration process, and acquiring the expertise to upgrade your end user workstations with minimal effort. Of course, this transitions into the ever-present “build or buy” question. Regardless of the path an organization chooses to take when initiating an SOE upgrade, it is critical that internal resources be fully trained on the solution. In the past, it was simple enough to send the team on a Microsoft course or bring a trainer in to go through the product. Today however, organizations are reaping the benefits of third party solutions for core products, and have heavily customized environments. Learning the “textbook” method of a product like Configuration Manager does little more than form a baseline from which to start. By incorporating some quality tools, you see a reduction in server, operating, and support costs, while providing a familiar self-service portal to your end users…not just for software requests, but to schedule their OS upgrade as well. Unfortunately, the only third party training typically offered to a team is during product implementation. When the time comes to plan the next SOE upgrade, technology has changed and possibly staff as well. During OSDWeek, Johan teaches you how to optimize your infrastructure to support the migration to Windows 7/8.1. He...

Deploying Windows 8.1 to SMBs using Nomad Branch Step by Step

In the first post in this series, we created an OSD Task Sequence that is ideal for the SMB market. We touched on some of the automation options available with MDT, and were ultimately able to deploy operating systems to machines at the main office. Our next step is to make this Task Sequence deployable to branch workstations so they don’t need a nearby Distribution Point, PXE Service Point, or State Migration Point. To do that, we’ll update a copy of the Task Sequence with some integrations that come with 1E Nomad. But first, let’s right click on our Task Sequence from the first post and choose Copy. We’ll append -Nomad to the task sequence name, so it looks like this: Once we have our copy, we’ll go in and edit the new sequence. However, before we start adding the Nomad injections, we need to fix a problem that Nomad will have with Bare Metal Deployments. When a brand new computer begins Task Sequence Execution, it will first partition and format the drive. The Task Sequence will perform some actions, and then ultimately format the drive again. This is a problem, as we’ve already started caching packages and created references to files that will be force-removed. Therefore, we need to get all the format stuff taken care of at the beginning. To do that, we’ll simply move the Format...

Deploying Windows 8.1 to SMBs using Configuration Manager 2012 R2

This is the first post of a series that will walk you through the process to create a Task Sequence in Configuration Manager 2012 R2 that can be deployed for all scenarios (Bare Metal, Refresh, Replace). It uses MDT 2013 to augment the sequence and provide some location-based automation rules. To provide full OSD functionality to branch locations without the need for servers, in the next post we will go through the process to create a second Task Sequence specifically for Nomad-enabled sites. The third post goes over how to configure Automatic Deployment Rules to maximize workstation patching with minimal effort. Though not specifically related to OSD, a solid patching design will eliminate the need to perform Software Updates during a Task Sequence, further reducing execution time. There are a few prerequisites and assumptions that must be in place before we get started with our Task Sequence creation and tuning. The Configuration Manager environment must be healthy, and MDT 2013 installed and integrated with CM12. We also need to have an image to deploy with our new Task Sequence, along with Drivers and Packages. For most small organizations, it’s pretty common to see included in the gold image all the corporate used free apps, like PowerPoint Viewer, and software that has been purchased for the entire company, such as Microsoft Office. Usually the image is created using MDT, as...
