Tag Archives: Sccm

Drivers Showing as Unsigned in Configuration Manager 2012 R2

A customer has a problem with importing drivers for their Surface Pro 3 devices in System Center Configuration Manager 2012 R2.

We keep noticing some of the drivers are unsigned. I immediately realized something is up as Microsoft releasing unsigned drivers isn’t going to happen. So I started digging and immediately came to KB3025419 which seems to cover my situation. My customer uses Windows 2008 R2 as the Host operating system for the Configuration Manager server and so this KB is relevant. Basically, Microsoft changed the way they signed drivers and now use a different method. This new method is different than what Server 2008 R2 recognizes and thus the change.

It affect Configuration Manager 2007, 2012 and 2012 R2 so you might see this as well down the road once hardware vendors use the new method.

Install the patches and don’t forget to reboot. A reboot is required even if it doesn’t prompt for a reboot. How do I know this, experience. Our server was patched by a different team but they didn’t reboot. The problem still persisted until the reboot.

Another thing you have to do is remove the “unsigned drivers”. This means delete the drivers that are showing unsigned before re-importing the drivers again. Once these two steps were performed we were back in business.

If you are running Windows Server 2008 R2 for your System Center Configuration Manager install you might just want to install this patch during your next maintenance schedule. As more vendors sign their drivers in the new method, you might start to see issues even if you don’t deploy Surface Pro. Of course, if you are running Windows Server 2012 R2 you probably have never saw this issue and the patches are not required.


Problems Deploying Apps with System Center 2012 R2 in an OSD Task Sequence

Onsite at one of my customer’s sites we are deploying operating systems with a Config Manager 2012 R2 task sequence (TS). The issue I was having was the applications were not installing. They were set to deploy in a task sequence without deployment so that wasn’t the issue. Looking at the log, (logs are your friend, use them) and I discovered this:

Unknown operating system build number 9600 found, setting OSVersion to 'Other'.

Ouch, what does this mean. It means my CM12 deployment has something not right with it. I don’t what the issue is but I will bring it up with Garth of Enhansoft who is an Enterprise Client Management MVP. He might have an idea on how to fix this.

In the meantime, I just changed the settings so that the software doesn’t have an OS requirement to install it. Basically I can set the package so it only installs on Windows 7 or Windows 8.1. In this case we can’t use that as we don’t know the OS.

Just change the package or app and allow it to be installed on all operating systems and it will deploy fine. Not a great solution for those trying to lock down apps to specific operating systems but it works.

Once I figure out why 9600 is not being recognized, I’ll update the post and we can all fix.


Installing and Updating Adobe Reader

I am working with a customer and assisting them with their application updates. One of the applications needing updating is Adobe Acrobat Reader MUI. This version of Adobe Reader allows it to be displayed in English or French depending on what language the user is using. Reader is also one of those pain in the ass applications that nag the user to update all the time, so getting in front of this one and updating proactively is always a good way to get ahead of the bullshit calls you’ll get to the service desk. The users shouldn’t have to be asked if they want to update. We should be managing that for them and we know if we can update based on testing those patches.

If you already have Adobe Reader installed, just follow the part in regards to the MSP file. But if you don’t have Adobe Reader installed yet, basically it’s a quick install and update. Here is the link to the Adobe ftp site if you need to download the files. ftp://ftp.adobe.com/pub/adobe/reader/win/11.x/ When you download the Enterprise build, Adobe includes an admin customization tool, but I just ignore that crap. Seriously, unless there is a good reason to run that junk I don’t use it. In my opinion and in my case, there isn’t a good reason to use it as I don’t deviate from the standard install.



Adobe Reader Directory with install files.

Run msiexec.exe /I AcroRead.msi /q. This will install the base of Adobe reader. In my case it’s version 11.0.00. Next grab the current msp file. If you already had Adobe Reader installed, this is your starting step. These are similar to an MSI file but updates. The command to execute these is msiexec.exe /update AdbeRdrUpd11010_MUI.msp /q. This will install the update bringing the MUI up to in my case 11.0.10.

For those of you using System Center Configuration Manager as I am, there are a couple of ways to ensure the order is maintained. Out of Order will cause a failure or at least the base version of Adobe Reader without the update. Create two packages, one package with source files for the Adobe Reader install (msiexec.exe /I AcroRead.msi /q) and the second package will be the Adobe Reader MSP (msiexec.exe /update AdbeRdrUpd11010_MUI.msp /q). Once you have the packages, you have two ways you can do this.

One way to do this is to roll a task sequence with the Adobe Reader msi install first followed by the Adobe MSP patch in the next step. Advertise that task sequence to your collection and Bob’s your uncle.

The other way is to edit the program properties of the patch and tell it to run another package first. In this case, Adobe Reader will be the package you will select to run first. Save that and then the patch will be the package you advertise to your collections.


Program Properties in Configuration Manager 2012 SP1

Here is after the deployment. My machine in English language –


Adobe Reader welcome screen on an english computer.

And then changing my language to french, notice the recycle bin name. –


Adobe Reader welcome screen on a french computer.


Pushing out the Windows 8.1 Update

Windows 8.1 Update 1 came out last week. There is a way as a user you can fetch this, but if you are an admin you can push this out. Let me walk you through this. If you are running Windows 8.1 you will need to upgrade if you plan to continue receive security fixes.

Windows Update
If you are running Windows 8.1, you can use Windows update to install the upgrade from 8.1 to 8.1 U1.

If you are an admin, be aware of an issue with using SSL for WSUS and this new patch. http://blogs.technet.com/b/wsus/archive/2014/04/08/windows-8-1-update-prevents-interaction-with-wsus-3-2-over-ssl.aspx

As an admin, you simply approve the upgrade (and a patch required for the update to happen) and then your machines should start getting updates.

System Center Configuration Manager
If you are an administrator for your corporate network, you can use Software Update Services to deploy the upgrade (once its added back in to WSUS again for synching) or you add the whole Windows CD as an application to SCCM 2012 R2 or any version that support Windows 8.1 as a client. You will want to invoke setup with the setup with /auto:upgrade and make it available to users via the software center.

Happy installing.

Managing Drivers in Task Sequences with System Center Configuration Manager 2012

When of the question I always get when deploying Windows whether it be Microsoft Deployment Toolkit or System Center Configuration Manager is how to I properly deploy drivers.

Now there is no right or wrong way, but I always steer people away from putting them in one big folder and letting the OS figure out which to use. Have you ever seen a Dell using an HP Driver? Been there so here is a flashback of a back post of how to manage drivers in MDT.

Let’s take a quick look at how to clean this up in System Center Configuration Manager. Basically add your drivers and put them into folders and then add them in as driver packages.

Then when setting up your task sequences, add a section where it evaluates the machine type and if it matches, apply the drivers.

Here is a screen shot of a task sequence in System Center Configuration Manager I did for a customer.

System Center Configuration  Manager SCCM Task Sequence Drivers

What happens here is as the task sequence continues along, it checks to see if the drivers need to be applied based on a WMI query. To get this information use WMIC to pull out the model information.

Further along we install applications that are drivers, but poor ones in that they need to be installed. Again we use a WMI query to only install the application if it matches the make and model of the device we specify.