Creating a Prestaged image using Configuration Manager 2012 R2

August 15, 2014

Lately I have seen more and more organizations provide an image to their hardware vendor to save time deploying the image to their systems. The goal is to have the image already on the systems so that, when the systems arrive on site at the organization, they simply continue with the task sequence.

This post walks through the steps to create a .wim file that can be applied to a bare-metal system, either on site or by your hardware vendor. The post then shows the continuation of the process once the system is on site.

Create the prestaged media

Browse to the Software Library and expand Operating Systems. Right-click Task Sequences and select Create Task Sequence Media.


The Create Task Sequence Media Wizard window will open.
Select Prestaged media and click Next.


Select how media finds a management point. In this example I chose Dynamic media. Click Next.


Specify the information for the media file. Click Next.


Select the security settings for the media. In this example my lab is running with certificates.


Browse for the task sequence. The selected task sequence will reference content.

Select the boot image to be used.

Note: This must be the same boot image as referenced in the task sequence above.


Select the image package that will be applied as part of the prestage wim.


If any applications are needed, select those.


Select content packages to add.


If you are using driver packages, select those.


Specify the distribution point(s) for the media.


Customize the task sequence media.

Confirm the settings.


Importing the prestaged image into Configuration Manager

Browse to Software Library, expand Operating Systems, and right-click Operating System Images. Select Add Operating System Image.

Browse to the path of the .wim file created in the previous steps. Click Next.

Provide the details and click Next.

Review the summary and click Next.

Deploy this image to your distribution points.

Creating a Task Sequence to deploy the prestaged image to a computer

Since I do not have a hardware vendor for my lab, and everything is virtualized, in this section I am providing the steps I used to apply the wim image, similar to how it would be applied to a bare-metal system.

I have created three tasks. First we need to format and partition the disk.

Next we need to apply the prestage wim file.

Lastly, we want to shut down WinPE.

Staging a system with the prestage image

Now that we have the task sequence ready, boot up the virtual machine and select the Prestage task sequence.

The Task Sequence will begin to apply the wim. When the Task Sequence has completed, the system will power off.

Continuing the image post prestage

Now that we have the prestage image applied to our system, we can power up the system. The system will load into the boot environment. Select the Task sequence for continuing the imaging process.

Note: My Windows 7 x64 Enterprise Task Sequence was created using the MDT 2013 integration.

The process will continue to finish applying the needed settings.

Once it is completed, you should be at the CTRL + ALT + DELETE screen.

Categories: ConfigMgr 2012

Operations Manager 2007, 2007R2, 2012, 2012SP1, 2012R2 Hotfixes

August 12, 2014

Below are the hotfixes and cumulative updates for all versions of Operations Manager and the versions to which they apply.

This post will be continuously updated as new hotfixes become available. Some of these updates are required based on certain conditions. I do not recommend installing each and every single one of these. Please read the KB article and install them only if you are experiencing the problem described in the KB article.

Last Updated 10/30/2014

2007 RTM

2878378 OpsMgr 2012 or OpsMgr 2007 R2 generates a “Heartbeat Failure” message and then goes into a greyed out state in Windows Server 2008 R2 SP1

2007 SP1

2878378 OpsMgr 2012 or OpsMgr 2007 R2 generates a “Heartbeat Failure” message and then goes into a greyed out state in Windows Server 2008 R2 SP1

954643 Event ID 31569 is logged after you install a management pack that includes reports on a System Center Operations Manager 2007 SP1 server or on a System Center Essentials 2007 SP1 server

Cumulative Updates

2028594 Description of System Center Operations Manager 2007 Cumulative Update 1

2007 R2 RTM

2878378 OpsMgr 2012 or OpsMgr 2007 R2 generates a “Heartbeat Failure” message and then goes into a greyed out state in Windows Server 2008 R2 SP1

2590414 You are prompted for the latest version of the Microsoft.SystemCenter.Library management pack when you try to edit a new management pack in Operations Manager 2007 R2

Cumulative Updates

979257 System Center Operations Manager 2007 R2 Cumulative Update 2

2251525 System Center Operations Manager 2007 R2 Cumulative Update 3

2449679 System Center Operations Manager 2007 R2 Cumulative Update 4

2495674 System Center Operations Manager 2007 R2 Cumulative Update 5

2626076 System Center Operations Manager 2007 R2 Cumulative Update 6

2783850 System Center Operations Manager 2007 R2 Cumulative Update 7

2012 RTM

2878378 OpsMgr 2012 or OpsMgr 2007 R2 generates a “Heartbeat Failure” message and then goes into a greyed out state in Windows Server 2008 R2 SP1

Cumulative Updates

2674695 System Center Operations Manager 2012 Update Rollup 1

2731874 System Center Operations Manager 2012 Update Rollup 2

2756127 System Center Operations Manager 2012 Update Rollup 3

2785681 System Center Operations Manager 2012 Update Rollup 4

2822776 System Center Operations Manager 2012 Update Rollup 5

Update rollups 6 & 7 did not contain any updates for Operations Manager.

2012 SP1

2878378 OpsMgr 2012 or OpsMgr 2007 R2 generates a “Heartbeat Failure” message and then goes into a greyed out state in Windows Server 2008 R2 SP1

Cumulative Updates

2785682 System Center Operations Manager 2012 SP1 Update Rollup 1

2802159 System Center Operations Manager 2012 SP1 Update Rollup 2

2836751 System Center Operations Manager 2012 SP1 Update Rollup 3

2879276 System Center Operations Manager 2012 SP1 Update Rollup 4

2904730 Description of System Center 2012 Service Pack 1 Update Rollup 5

2929885 Description of Update Rollup 6 for System Center 2012 Operations Manager Service Pack 1

2965420 Update Rollup 7 for System Center 2012 Operations Manager Service Pack 1

2012 R2 RTM

2878378 OpsMgr 2012 or OpsMgr 2007 R2 generates a “Heartbeat Failure” message and then goes into a greyed out state in Windows Server 2008 R2 SP1

Cumulative Updates

2904734 Description of Update Rollup 1 for System Center 2012 R2

2929891 Description of Update Rollup 2 for System Center 2012 R2 Operations Manager

2965445 Update Rollup 3 for System Center 2012 R2 Operations Manager

2992020 Update Rollup 4 for System Center 2012 R2 Operations Manager

Categories: OpsMgr 2012

A List of SCCM 2007 Post SP2 Hotfixes

August 12, 2014

These may be listed somewhere else but now they are listed here too. I do not recommend installing each and every single one of these. I recommend only installing them if you are experiencing the problem described.

Last Updated: 8/12/2014

978022 Memory leak in System Center Configuration Manager 2007 SP2 if the distribution point role is enabled High

981640 The “Backup ConfigMgr Site Server” task fails on a ConfigMgr 2007 site server High

977056 The memory allocation for the Wmiprvse.exe process keeps increasing when you update the membership rules of a collection frequently on a computer that is running System Center Configuration Manager 2007 SP1 or SP2 High

982399 A System Center Configuration Manager 2007 SP2 site server randomly stops processing status messages High

978914 The enroll.exe utility for Windows CE 5.0 mobile devices does not read the user name and password you entered in the enroll.cfg file that is used for authentication Low

978588 System Center Configuration Manager 2007 SP2 does not support mobile devices that are running Windows CE 6.0 Low

981796 Japanese characters are displayed incorrectly in the Configuration Manager console after you use ConfigMgr Site Repair Wizard in ConfigMgr 2007 SP2 Low

978759 The Compliance Evaluation report is not localized correctly on the Japanese version of the System Center Configuration Manager 2007 SP2 client Low

978021 The Distribution Manager that is in System Center Configuration Manager 2007 SP2 does not honor the “Number of retries” and “Delay before retrying (minutes)” retry settings Medium

978754 You cannot import a driver into an OSD image if the driver is signed for only the Windows 7 operating system in SCCM 2007 SP2 Medium

977203 User state migration fails on a SCCM 2007 SP1 client or on a SCCM 2007 SP2 client after you install security update 974571 Medium

979199 Files are collected incorrectly by Software Inventory or by File collection if the “Automatically adjust clock for daylight saving changes” option is changed Medium

976073 The Windows Deployment Service stops responding when you use a PXE service point on a computer that is running a System Center Configuration Manager 2007 SP1 or SP2 site server Medium

980488 Asset Intelligence does not collect the “SMS_InstalledSoftwareMS” reporting class on an SCCM 2007 client in a Windows 2000 operation system Medium

980270 The computer associations are not created by the import computer information wizard in SCCM 2007 Service pack 2 Medium

978757 The second Search paths may not discovered when you enable the Active Directory System Discovery method or the Active Directory User Discovery method that runs on a System Center Configuration Manager 2007 SP2 site server Medium

978756 Error message when you try to change a deployment template in System Center Configuration Manager 2007 SP1 or in System Center Configuration Manager 2007 SP2: “You do not have security rights to perform this operation” Medium

982203 The SMS Agent Host service crashes on a System Center Configuration Manager 2007 SP2 client computer if you connect the client to a network that has the NAP feature enabled Medium

983511 Description of a hotfix that increases the number of Asset Intelligence custom labels in System Center Configuration Manager SP2 Low

2176220 The memory usage of a Wmiprvse.exe process keeps increasing on a computer that has System Center Configuration Manager 2007 SP2 installed High

982212 A long time is required to apply a change to the properties of a direct membership collection in System Center Configuration Manager 2007 SP2 Medium

981797 The handle count and memory usage of Smsexec.exe keeps increasing in System Center Configuration Manager 2007 SP2 High

983514 Some OUs are not discovered in Active Directory System Discovery or in Active Directory User Discovery on a System Center Configuration Manager 2007 SP2 site server Medium

982400 A long delay occurs when you click “Refresh” to view the latest membership in a dynamic collection on a System Center Configuration Manager 2007 SP2 site server Low

2263826 Hotfix rollup for Asset Intelligence in System Center Configuration Manager 2007 SP2 Low

2205131 The deployment package is not available for an assigned client in a protected boundary for a branch distribution point if you enable a certain option in System Center Configuration Manager 2007 SP2 Medium

2278119 The Systems Management Server (SMS) Agent Host service (Ccmexec.exe) stops responding on a System Center Configuration Manager 2007 SP2 client computer High

2276865 The “Date modified” attribute for each file is changed after you deploy the files to a client computer by advertising a task sequence from a System Center Configuration Manager 2007 SP2 site server Medium

2213600 “You cannot import a driver package into a System Center Configuration Manager 2007 SP2 site if one or more driver files in the package are already imported into the site” Medium

2345551 “The Active Directory system discovery process cannot detect a client if the DNS suffix of the client differs from its DNS domain name in System Center Configuration Manager 2007 SP2” Medium

2861663 “An update is available that adds support for Windows 8.1 and Windows Server 2012 R2 to System Center Configuration Manager 2007 Service Pack 2”

2641584 “The Delta file merge process fails when the Enable binary differential replication option is enabled in a System Center Configuration Manager 2007 SP2 Environment”

2783924 “Asset Intelligence sync point doesn’t sync with the System Center Online service after you install hotfix 2733615 on a Windows Server 2003-based Configuration Manager 2007 SP2 site server”

2678547 “An Install Software task that installs an App-V application stops responding in System Center Configuration Manager 2007 SP2”

2911369 “The System Center Online service cannot find the machine-specific certificate for Asset Intelligence in the ALM store in Configuration Manager 2007”

2935254 “Failed to create media (0x800700b7)” error when you try to create task sequence media

838655 The SMS Discovery Data Manager component may take a long time to process discovery data records after the component starts

977176 A “Run Command Line” task of a task sequence object in System Center Configuration Manager 2007 SP1 or in System Center Configuration Manager 2007 SP2 does not work on a 64-bit client

2975384 Up-to-date Forefront Endpoint Protection 2010 clients are listed in the “Out of Date” collection

2724939 SMS Host Agent service crashes and logs Event ID 1000 with exception code 0xc0000005

Categories: ConfigMgr 2007

PKI Certificates for Configuration Manager 2012 R2 – Part 4/4 (Converting Roles)

February 21, 2014

Welcome to part 4 of 4 in PKI Certificates for ConfigMgr 2012 and converting the environment from HTTP to HTTPS. In this post I will continue to show the step-by-step process (found here) for configuring and requesting the certificates that will be used with the Configuration Manager 2012 R2 environment and the clients.

For the links to all the parts of this series see below

Part 1 – Web Server Certificate

Part 2 – Client Certificate for Windows Computers

Part 3 – Distribution Points

Part 4 – Converting Roles (You are here)

 

Creating and Issuing a Custom Workstation Authentication Certificate Template on the Certification Authority

Now that we have the certificates in place, we can convert the roles from HTTP to HTTPS for that added layer of security. From the Administration pane, browse to Site Configuration. Under Site Configuration, select Servers and Site System Roles.

Click the server(s) that have roles that will need to be converted. In this example I have only one server.

The roles that I will be converting are:

Application Catalog Web Service Point

Application Catalog Website Point

Distribution Point

Management Point

Software Update Point

Application Catalog Web Service Point

The option to change this from HTTP to HTTPS is grayed out. Uninstall and reinstall the role, selecting HTTPS. Doing so will not convert the Application Catalog Website Point role. You will need to repeat this procedure for that role as well.

Application Catalog Website Point

The option to change this from HTTP to HTTPS is grayed out. Uninstall and reinstall the role, selecting HTTPS.

Distribution Point

Open the General tab of the Distribution Point Properties.

Click Import Certificate. Specify the certificate for the distribution point and its password. Click OK.

Management Point

The option to change from HTTP to HTTPS is grayed out. I had to uninstall and reinstall the role.

Software Update Point

Open the Software Update Point properties. The ports should already be listed. Click Require SSL communication to the WSUS server. Choose the Client Connection Type that best fits your organization.

Converting the Site to HTTPS

Click Site Configuration, then Sites. Click your server and choose Properties. Click the Client Computer Communication tab. Select HTTPS only.

Your environment should now be configured to use HTTPS.

Categories: Uncategorized

PKI Certificates for Configuration Manager 2012 R2 – Part 3/4 (Distribution Points)

December 12, 2013

Welcome to part 3 of 4 in PKI Certificates for ConfigMgr 2012 and converting the environment from HTTP to HTTPS. In this post I will continue to show the step-by-step process (found here) for configuring and requesting the certificates that will be used with the Configuration Manager 2012 R2 environment and the clients.

For the links to all the parts of this series see below

Part 1 – Web Server Certificate

Part 2 – Client Certificate for Windows Computers

Part 3 – Distribution Points (You are here)

Part 4 – Converting Roles

 

Creating and Issuing a Custom Workstation Authentication Certificate Template on the Certification Authority

1. On the member server that is running the Certification Authority console, right-click Certificate Templates, and then click Manage to load the Certificate Templates management console.

2. In the results pane, right-click the entry that displays Workstation Authentication in the column Template Display Name, and then click Duplicate Template.

3. In the Duplicate Template dialog box, ensure that Windows 2003 Server, Enterprise Edition is selected, and then click OK.

4. In the Properties of New Template dialog box, on the General tab, enter a template name to generate the client authentication certificate for distribution points, such as ConfigMgr Client Distribution Point Certificate.

5. Click the Request Handling tab, and select Allow private key to be exported.

6. Click the Security tab, and remove the Enroll permission from the Enterprise Admins security group.

7. Click Add, enter ConfigMgr IIS Servers in the text box, and then click OK.

8. Select the Enroll permission for this group, and do not clear the Read permission. Click OK and close Certificate Templates Console.

9. In the Certification Authority console, right-click Certificate Templates, click New, and then click Certificate Template to Issue.

10. In the Enable Certificate Templates dialog box, select the new template that you have just created, ConfigMgr Client Distribution Point Certificate, and then click OK.

11. If you do not have to create and issue any more certificates, close Certification Authority.

Requesting the Custom Workstation Authentication Certificate

This procedure requests and then installs the custom client certificate on the member server that runs IIS and that will be configured as a distribution point.

1. Click Start, click Run, and type mmc.exe. In the empty console, click File, and then click Add/Remove Snap-in.

2. In the Add or Remove Snap-ins dialog box, select Certificates from the list of Available snap-ins, and then click Add.

3. In the Certificate snap-in dialog box, select Computer account, and then click Next.

4. In the Select Computer dialog box, ensure Local computer: (the computer this console is running on) is selected, and then click Finish.

5. In the Add or Remove Snap-ins dialog box, click OK.

6. In the console, expand Certificates (Local Computer), and then click Personal. Right-click Certificates, click All Tasks, and then click Request New Certificate.

7. On the Before You Begin page, click Next.

8. If you see the Select Certificate Enrollment Policy page, click Next.

9. On the Request Certificates page, select the ConfigMgr Client Distribution Point Certificate from the list of displayed certificates, and then click Enroll.

10. On the Certificates Installation Results page, wait until the certificate is installed, and then click Finish.

11. In the results pane, confirm that a certificate is displayed that has Client Authentication displayed in the Intended Purpose column, and that ConfigMgr Client Distribution Point Certificate is displayed in the Certificate Template column.

12. Do not close Certificates (Local Computer).

Exporting the Client Certificate for Distribution Points

1. In the Certificates (Local Computer) console, right-click the certificate that you have just installed, select All Tasks, and then click Export.

2. In the Certificates Export Wizard, click Next.

3. On the Export Private Key page, select Yes, export the private key, and then click Next.

Note: If this option is not available, the certificate has been created without the option to export the private key. In this scenario, you cannot export the certificate in the required format. You must reconfigure the certificate template to allow the private key to be exported, and then request the certificate again.

4. On the Export File Format page, ensure that the option Personal Information Exchange – PKCS #12 (.PFX) is selected. Click Next.

5. On the Password page, specify a strong password to protect the exported certificate with its private key, and then click Next.

6. On the File to Export page, specify the name of the file that you want to export, and then click Next.

7. To close the wizard, click Finish in the Certificate Export Wizard page, and click OK in the confirmation dialog box.

8. Close Certificates (Local Computer).

9. Store the file securely and ensure that you can access it from the Configuration Manager console. The certificate is now ready to be imported when you configure the distribution point.
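
The same export can be scripted. The PowerShell below is an added example, not part of the original post: it finds the certificate issued from the distribution point template, exports it with its private key to a password-protected PFX, and restricts the file to Administrators and SYSTEM. It assumes Windows Server 2012 or later (for Export-PfxCertificate), an elevated session, and a hypothetical output path C:\Secure\ConfigMgrDP.pfx whose folder already exists; the function names are made up for this example.

```powershell
#Requires -Version 3
# Added example, not from the original post. Run elevated on the IIS member server.
# Assumptions: the template display name from the walkthrough above; $PfxPath is a
# hypothetical path whose folder already exists.
$TemplateName = 'ConfigMgr Client Distribution Point Certificate'
$PfxPath      = 'C:\Secure\ConfigMgrDP.pfx'
$TemplateOid  = '1.3.6.1.4.1.311.21.7'   # "Certificate Template Information" extension

function Get-CertificateByTemplate {
    param([Parameter(Mandatory)][string]$Name)
    # The formatted extension contains the template display name when the
    # computer can resolve it from Active Directory (assumed here).
    Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {
        $ext = $_.Extensions | Where-Object { $_.Oid.Value -eq $TemplateOid }
        $ext -and ($ext.Format($false) -match [regex]::Escape($Name))
    }
}

function Export-DistributionPointPfx {
    param([string]$Name = $TemplateName, [string]$Path = $PfxPath)

    # Newest matching certificate in the computer's Personal store.
    $cert = @(Get-CertificateByTemplate -Name $Name | Sort-Object NotAfter -Descending)[0]
    if (-not $cert) { throw "No certificate issued from '$Name' in LocalMachine\My." }
    if (-not $cert.HasPrivateKey) { throw "Certificate $($cert.Thumbprint) has no private key here." }

    # Prompt so the password never lands in the script or the command history.
    $password = Read-Host -Prompt 'Password to protect the PFX' -AsSecureString
    try {
        Export-PfxCertificate -Cert $cert -FilePath $Path -Password $password -ErrorAction Stop | Out-Null
    }
    catch {
        # Same condition as the wizard's unavailable "Yes, export the private key" option.
        throw "Export failed. Check 'Allow private key to be exported' on the template and request the certificate again. $($_.Exception.Message)"
    }

    # Limit the file to Administrators and SYSTEM (well-known SIDs, locale independent).
    # Assumption: the Configuration Manager console that imports the file runs elevated.
    & icacls.exe $Path /inheritance:r /grant:r '*S-1-5-32-544:F' /grant:r '*S-1-5-18:F' | Out-Null

    [pscustomobject]@{ Thumbprint = $cert.Thumbprint; NotAfter = $cert.NotAfter; File = $Path }
}

Export-DistributionPointPfx
```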

Categories: ConfigMgr 2012

Operations Manager Hotfixes and Cumulative Updates for all versions

December 5, 2013

Below are the hotfixes and cumulative updates for all versions of Operations Manager and the versions to which they apply.

This post will be continuously updated as new hotfixes become available. Some of these updates are required based on certain conditions. I do not recommend installing each and every single one of these. Please read the KB article and install them only if you are experiencing the problem described in the KB article.

Last Updated 7/30/2014

2007 RTM

2878378 OpsMgr 2012 or OpsMgr 2007 R2 generates a “Heartbeat Failure” message and then goes into a greyed out state in Windows Server 2008 R2 SP1

2007 SP1

Hotfixes

2878378 OpsMgr 2012 or OpsMgr 2007 R2 generates a “Heartbeat Failure” message and then goes into a greyed out state in Windows Server 2008 R2 SP1

954643 Event ID 31569 is logged after you install a management pack that includes reports on a System Center Operations Manager 2007 SP1 server or on a System Center Essentials 2007 SP1 server

Cumulative Updates

2028594 Description of System Center Operations Manager 2007 Cumulative Update 1

2007 R2 RTM

Hotfixes

2878378 OpsMgr 2012 or OpsMgr 2007 R2 generates a “Heartbeat Failure” message and then goes into a greyed out state in Windows Server 2008 R2 SP1

2590414 You are prompted for the latest version of the Microsoft.SystemCenter.Library management pack when you try to edit a new management pack in Operations Manager 2007 R2

Cumulative Updates

979257 System Center Operations Manager 2007 R2 Cumulative Update 2

2251525 System Center Operations Manager 2007 R2 Cumulative Update 3

2449679 System Center Operations Manager 2007 R2 Cumulative Update 4

2495674 System Center Operations Manager 2007 R2 Cumulative Update 5

2626076 System Center Operations Manager 2007 R2 Cumulative Update 6

2783850 System Center Operations Manager 2007 R2 Cumulative Update 7

2012 RTM

Hotfixes

2878378 OpsMgr 2012 or OpsMgr 2007 R2 generates a “Heartbeat Failure” message and then goes into a greyed out state in Windows Server 2008 R2 SP1

Cumulative Updates

2674695 System Center Operations Manager 2012 Update Rollup 1

2731874 System Center Operations Manager 2012 Update Rollup 2

2756127 System Center Operations Manager 2012 Update Rollup 3

2785681 System Center Operations Manager 2012 Update Rollup 4

2822776 System Center Operations Manager 2012 Update Rollup 5

Update rollups 6 & 7 did not contain any updates for Operations Manager.

2012 SP1

Hotfixes

2878378 OpsMgr 2012 or OpsMgr 2007 R2 generates a “Heartbeat Failure” message and then goes into a greyed out state in Windows Server 2008 R2 SP1

Cumulative Updates

2785682 System Center Operations Manager 2012 SP1 Update Rollup 1

2802159 System Center Operations Manager 2012 SP1 Update Rollup 2

2836751 System Center Operations Manager 2012 SP1 Update Rollup 3

2879276 System Center Operations Manager 2012 SP1 Update Rollup 4

2904730 Description of System Center 2012 Service Pack 1 Update Rollup 5

2929885 Description of Update Rollup 6 for System Center 2012 Operations Manager Service Pack 1

2965420 Update Rollup 7 for System Center 2012 Operations Manager Service Pack 1

2012 R2 RTM

Hotfixes

2878378 OpsMgr 2012 or OpsMgr 2007 R2 generates a “Heartbeat Failure” message and then goes into a greyed out state in Windows Server 2008 R2 SP1

Cumulative Updates

2904734 Description of Update Rollup 1 for System Center 2012 R2

2929891 Description of Update Rollup 2 for System Center 2012 R2 Operations Manager

2965445 Update Rollup 3 for System Center 2012 R2 Operations Manager

Categories: OpsMgr 2012

PKI Certificates for Configuration Manager 2012 R2 – Part 2/4 (Client Certificate for Windows Computers)

November 27, 2013

Welcome to part 2 of 4 in PKI Certificates for ConfigMgr 2012 and converting the environment from HTTP to HTTPS. In this post I will continue to show the step-by-step process (found here) for configuring and requesting the certificates that will be used with the Configuration Manager 2012 R2 environment and the clients.

For the links to all the parts of this series see below

Part 1 – Web Server Certificate

Part 2 – Windows Computers (You are here)

Part 3 – Distribution Points

Part 4 – Converting Roles

Creating and Issuing the Workstation Authentication Security Template

1. On the member server that is running the Certification Authority console, right-click Certificate Templates, and then click Manage to load the Certificate Templates management console.

2. In the results pane, right-click the entry that displays Workstation Authentication in the column Template Display Name, and then click Duplicate Template.

3. In the Duplicate Template dialog box, ensure that Windows 2003 Server, Enterprise Edition is selected, and then click OK.

4. In the Properties of New Template dialog box, on the General tab, enter a template name to generate the client certificates that will be used on Configuration Manager client computers, such as ConfigMgr Client Certificate.

5. Click the Security tab, select the Domain Computers group, and select the additional permissions of Read and Autoenroll. Do not clear Enroll. Click OK and close Certificate Templates Console.

6. In the Certification Authority console, right-click Certificate Templates, click New, and then click Certificate Template to Issue.

7. In the Enable Certificate Templates dialog box, select the new template that you have just created, ConfigMgr Client Certificate, and then click OK.

Configuring Auto Enrollment of the Workstation Authentication Security Template

1. On the domain controller, click Start, click Administrative Tools, and then click Group Policy Management. Navigate to your domain, right-click the domain, and then select Create a GPO in this domain, and Link it here.

2. In the New GPO dialog box, enter a name for the new Group Policy, such as Autoenroll Certificates, and click OK.

3. In the results pane, on the Linked Group Policy Objects tab, right-click the new Group Policy, and then click Edit.

4. In the Group Policy Management Editor, expand Policies under Computer Configuration, and then navigate to Windows Settings / Security Settings / Public Key Policies.

5. Right-click the object type named Certificate Services Client – Auto-enrollment, and then click Properties.

6. From the Configuration Model drop-down list, select Enabled, select Renew expired certificates, update pending certificates, and remove revoked certificates, select Update certificates that use certificate templates, and then click OK.

7. Close Group Policy Management.

Auto enrolling the Workstation Authentication Security Template and Verifying its Installation on the Client Computer

1. Restart the workstation computer, and wait a few minutes before logging on.

2. Log on with an account that has administrative privileges.

3. In the search box, type mmc.exe, and then press Enter.

4. In the empty management console, click File, and then click Add/Remove Snap-in.

5. In the Add or Remove Snap-ins dialog box, select Certificates from the list of Available snap-ins, and then click Add.

6. In the Certificate snap-in dialog box, select Computer account, and then click Next.

7. In the Select Computer dialog box, ensure that Local computer: (the computer this console is running on) is selected, and then click Finish.

8. In the Add or Remove Snap-ins dialog box, click OK.

9. In the console, expand Certificates (Local Computer), expand Personal, and then click Certificates. In the results pane, confirm that a certificate is displayed that has Client Authentication displayed in the Intended Purpose column, and that ConfigMgr Client Certificate is displayed in the Certificate Template column.

10. Close Certificates (Local Computer).
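
The verification above can also be done from PowerShell. This is an added example, not part of the original post: it reads the auto-enrollment policy value the GPO writes to the registry and lists every certificate in the computer's Personal store that has the Client Authentication purpose, with its template, chain status and whether the private key is exportable. The function names are made up for this example, and the exportable check assumes a CSP-based key.

```powershell
#Requires -Version 3
# Added example, not from the original post. Run elevated on the client computer.
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'      # Client Authentication enhanced key usage
$TemplateOid   = '1.3.6.1.4.1.311.21.7'   # "Certificate Template Information" extension

function Get-AutoEnrollmentPolicy {
    # Where the computer-side "Certificate Services Client - Auto-Enrollment"
    # setting is stored once the GPO has applied.
    $key    = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\AutoEnrollment'
    $policy = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).AEPolicy
    [pscustomobject]@{
        AEPolicy           = $policy
        # 7 = Enabled with both check boxes from the GPO procedure selected.
        MatchesWalkthrough = ($policy -eq 7)
    }
}

function Get-ClientAuthCertificateReport {
    Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
        $cert = $_
        $eku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
        $isClientAuth = $eku -and ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $ClientAuthOid })
        if (-not $isClientAuth) { return }   # skip certificates without the Client Authentication purpose

        $tmpl = $cert.Extensions | Where-Object { $_.Oid.Value -eq $TemplateOid }

        # Exportable stays $null when the key is missing or is not a CSP key.
        # The client template in this walkthrough was not changed to allow export;
        # the distribution point template from Part 3 was.
        $exportable = $null
        try { $exportable = $cert.PrivateKey.CspKeyContainerInfo.Exportable } catch { }

        [pscustomobject]@{
            Subject       = $cert.Subject
            Template      = if ($tmpl) { $tmpl.Format($false) } else { '(no template extension)' }
            NotAfter      = $cert.NotAfter
            ChainValid    = $cert.Verify()
            HasPrivateKey = $cert.HasPrivateKey
            Exportable    = $exportable
        }
    }
}

Get-AutoEnrollmentPolicy
Get-ClientAuthCertificateReport | Format-List
```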

Categories: ConfigMgr 2012