Update 1605 for Configuration Manager Technical Preview – Available Now!


We are happy to announce that Update 1605 for Configuration Manager Technical Preview is now available. New and updated features include:

  • Windows Defender Advanced Threat Protection – You can now manage Windows Defender Advanced Threat Protection (ATP) policies for onboarding and off-boarding Windows 10 clients to the cloud service and view agent health in the monitoring dashboard. Note: This requires a subscription to the Windows Defender ATP online service.
  • Enterprise data protection (EDP) policy settings – With this Technical Preview, you can create and deploy EDP policies for devices running Windows 10 Insider Preview and Windows 10 Mobile Preview builds. This includes specifying apps, defining network boundaries, choosing the restriction modes, and other EDP settings.
  • Windows Store for Business integration – The 1605 Technical Preview adds the ability to create both online and offline apps with the ability to deploy offline apps to Intune and ConfigrMgr managed devices. You can view video walkthroughs of how to set up and create apps for Windows Store for Business.
  • Server groups (previously known as “Cluster Patching”) – You can now control settings for software updates in server groups, including the order and percentage of devices that can be updated at any one time. These capabilities introduce some enhancements over our pre-release “Servicing a cluster aware collection” feature, including the ability to control the order and better monitoring.
  • Software Center experience – Software Updates and Operating Systems now have their own respective tabs in Software Center, rather than being accessible via the categories dropdown in the Applications tab.
  • Changes in the Client Data Sources dashboard – You will now find the Client Data Sources dashboard in a new location under “Distribution Status”. We added new tiles that show you the amount of clients, distribution points and PeerCache enabled clients. The tiles will show a warning icon if the client to PeerCache enabled clients ratio is less than 50%. We also added a new stacked bar graph that shows the top distributed content in your environment.
  • More progress based on your feedback in User Voice! This release includes improvements to the Install Software Updates task sequence step, including enhanced logging and a new task sequence variable to control the timeout on the software updates scan.

This release also includes the following new features for customers using System Center Configuration Manager connected with Microsoft Intune to manage mobile devices:

  • Pre-declare corporate-owned devices -You can now identify corporate-owned devices by importing their international station mobile equipment identity (IMEI) numbers. You can upload a comma-separated values (.csv) file containing device IMEI numbers or you can manually enter device information. You can also import serial numbers for iOS devices. Imported information will set ownership of the devices that enroll as “Corporate”. An Intune license is still required for each user that accesses the service. View a video walkthrough of this feature.
  • Remote device actions experience update – The admin experience for wiping, resetting the passcode, remote locking, and bypassing iOS Activation Lock on mobile devices has been adjusted. The states of these actions are now part of the devices’ details and properties.
  • Remote full wipe for Windows 10 desktop devices – Support for remotely wiping and resetting Windows 10 desktop devices to factory settings.
  • Auto-connect app list in Windows 10 VPN profiles – Admins can specify desktop and universal applications in Windows 10 VPN profiles that automatically establish a connection with the VPN when launched on the client. Admins can decide whether or not to limit VPN traffic to the apps in the list.

More detailed step by step installation here

Windows update scan takes hours? Speed up Windows 7 scans for updates

An unlikely combination of two Windows updates can reduce scan times from hours to minutes

An unlikely combination of two Windows updates can reduce scan times from hours to minutes

If you’re experiencing Windows 7 update scans measured in hours — if not days — as I described last week, a newly discovered trick may reduce scan times to minutes. It’s an unlikely combination of two updates that has worked wonders on my Win7 PCs. Try it and see how it works on yours.


Install a COMBINATION of the following updates on Win7 SP1 — KB3138612 AND KB3145739. I found out that patching KB3145739 alone without patching the WU Client for Win7 SP1 is not enough.


KB 3138612, you may recall, is the March “Windows Update Client for Windows 7” —  exactly the kind of patch you’d expect to solve the Win7 update slowdown.

KB 3145739, on the other hand, is this month’s “security update for Windows Graphics Component” — otherwise known as MS 16-039, the security patch that (once again) fixes the way Windows handles fonts inside the kernel.

I know that sounds like combining beer and cement to make a cheesecake, but there you have it. KB 3138612 installs a new program to handle Windows Updates; KB 3145739 has a new Windows kernel. Either patch installed by itself leads to hours and hours of waiting for Windows 7 update. Installing both patches together brings wait times (on the systems I’ve checked, anyway) back to sane levels.

KB 3145739 is superseding KB 3139852 which was made famous by Noel Carboni about a month ago. That patch was fixing slow update for a lot of people. As such it supersedes a ton of other older patches and from this point of view is like a Cumulative Update.

The issue which creates slowing down of WU is that all those old patches are not removed by Microsoft after releasing the new ones and create problems for those who try to patch new installations.

To see if you have KB 3138612 (remember, this is only for Windows 7), click Start > Control Panel > System and Security > View installed updates. Click on Name to sort your vast collection of updates by name. Look under the heading Microsoft Windows for “Update for Microsoft Windows (KB3138612).” If you don’t have it, go to the KB article and download the appropriate version (32-bit versions are identified as x86; 64-bit versions are x64), then double-click on the download to install it.

To see if you have KB 3145739, follow the same procedure but look for “Security Update for Microsoft Windows (KB3145739).” If you don’t have it, you’ll need to fire up Internet Explorer (I kept getting spurious errors with Chrome and Firefox) and go to the appropriate site for the 32-bit version or the 64-bit version.

More info here: http://www.infoworld.com/article/3058260/microsoft-windows/heres-how-to-significantly-speed-up-windows-7-scans-for-updates.html

Understanding and troubleshooting Microsoft Configuration Manager OSD PXE boot

There is a new blog post:

Understanding and troubleshooting Microsoft Configuration Manager OSD PXE boot

Are you wanting to setup PXE boot for operating system deployment in your Configuration Manager environment? Or maybe you already have but are running into some issues that are preventing it from working quite the way you want? If so then we have the perfect guide for you. If you want to understand how PXE support works and is configured in ConfigMgr, and/or troubleshoot any of the most common problems you may run into, this guide is a great place to start. The topics covered include the following:

  • PXE Service Point Installation
  • Adding Boot Images to a PXE Enabled DP
  • The PXE Boot Process
  • Downloading The Boot Files
  • WinPE Boot
  • Troubleshooting common issues

You can get started with the guide here.

Known Issues with KB3148812

Known Issues with KB3148812


Hi WSUS admins, just a quick post to let you know that we’ve received word of some issues happening (e.g., WSUS admin console is inaccessible, clients can’t contact WSUS) in the wild after installing KB3148812.  It is critical functionality; however, you don’t lose anything by skipping installation until we publish media that leverages this scenario, which will not be happening this month.  For now, feel free to remove the patch if it’s causing you problems, and we’ll get to the bottom of the issues that have been reported.  If you’d like to assist in resolving this, then please Email Blog Author and we’ll follow up with you.

What you need to know about KB3148812

Windows 10 ADK TH2 fix is out – https://support.microsoft.com/en-us/kb/3143760

Windows 10 ADK TH2 fix is out – https://support.microsoft.com/en-us/kb/3143760

If you get “Windows PE initialization failed with error code 0X80220014” when you  boot up the machine through PXE and you are using the latest windows 10 ADK with version 1511  with CM 2012R2SP1 or SP2 you should test the new fix available(above)


The issue is discussed in the blog: https://blogs.technet.microsoft.com/configmgrteam/2015/11/20/issue-with-the-windows-adk-for-windows-10-version-1511/


How to determine the installed version and build number for Configuration Manager

There often comes the time you need to find out the Configuration Manager  version. You will need to find the build number, version and CU level.

What is build and version ?

The build number in 5.00.8239.1000 is 8239

The version  in 5.00.8239.1000 is 1000.
If you want to find the console version you need to go on the left upper corner  blue arrow in the console and check About

version about1

version about

Site version can be checked like this

Check the Site Version from site properties: Go to Administration -> Site Configuration -> Sites, then right-click the site and select Properties.

version site

The steps above can also be achieved by running the following SQL query

select SiteCode,BuildNumber,Version from sites

The output will look like this:

version sql

As you might have noticed, the current CU level is missing.

To check the actual version  (site version+ current CU level) can be checked in the registry:Check the version in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Setup\CULevel


System Center Configuration Manager