2017-06-12-bios-uefi-myitforum

If you have started a Windows 10 migration in your corporate environment, you’ve probably heard about MBR2GPT.exe, the tool that helps convert the disk layout on a PC from the legacy Master Boot Record (MBR) to GUID Partition Table (GPT). While the tool was introduced in the Insider Preview versions, it is officially supported in Windows 10 1703 (also known as the Creators Update). MBR2GPT.exe is the only Microsoft-supported way to convert a production disk (one with data already on it) from MBR to GPT without data loss. The tool can be run from an administrative command prompt after an in-place upgrade to Windows 10 1703, or in the Windows PE (WinPE) environment. Furthermore, older versions of Windows 10 (v1511 and v1607) can be converted using the tool if booted into WinPE.

If a drive is protected with BitLocker encryption, then you will need to suspend BitLocker before converting. After conversion, delete the existing protectors (PIN, Password, Certificate, etc.) and recreate them to resume encryption. If you are using third-party disk encryption, you need to work with your ISV. It’s the only sure way to determine the minimum requirements to successfully convert disk partitions without triggering a device lock or brick while keeping the drive encrypted.

How Does It Work?

Converting within Windows

To start the conversion within Windows, open an administrative command (or PowerShell) prompt. To see the full list of command line switches that can be passed to the tool, type mbr2gpt.exe /? Or mbr2gpt.exe /help.

mbr2gpt-01
(Tap or click for larger view)

The correct syntax to run the conversion tool within a Windows session is

mbr2gpt.exe /convert /allowFullOS

mbr2gpt-02
(Tap or click for larger view)

If you simply want to validate the disk (run a check without converting), then just replace the /convert switch with /validate.

mbr2gpt.exe /validate /allowFullOS

mbr2gpt-03
(Tap or click for larger view)

Converting within WinPE

To convert disk layout in WinPE, use a Run Command Line action with the following syntax:

cmd.exe /c mbr2gpt.exe /convert /disk:<disknumber>

mbr2gpt-04
(Tap or click for larger view)

What If I’m Refreshing or Replacing the PC?

If you’re re-installing Windows to the current disk, or if you’re replacing the drive or computer, you will not be using the MBR2GPT.exe tool. If the system is booted in UEFI mode before the Format and Partition Disk step happens in the Install Operating System group, the Task Sequence engine will happily format the disk for GPT. If you have created a sequence that restores user data, it will still be able to be restored.

What Are the Limitations?

The first and perhaps most important limitation is that MBR2GPT.exe is not the same thing as “BIOS to UEFI”. MBR2GPT.exe is a tool to convert partition layout while BIOS to UEFI is the process of converting a system’s firmware mode from BIOS to UEFI.

While MBR2GPT.exe can be run from the full OS, or in WinPE, it should be run before the conversion of BIOS to UEFI during an in-place upgrade and most preferably in WinPE. If the tool is run after the firmware mode is converted, and for some reason is unsuccessful with the conversion, the device will essentially be bricked until the PC is manually converted back to BIOS mode.

If you are performing a PC refresh or replace, the PC should be converted before the “Format and Partition Disk” step runs in the Install Operating System Group. It is possible to do this later in the sequence, but this route is more reliable. This is because this group has two Format and Partition actions with variables on them that read whether the PC is in BIOS mode or UEFI mode and formats and partitions the disk accordingly. As you can see below, the top image depicts what the Task Sequence engine will do to the disk if the PC is running in BIOS mode, and the bottom image shows what it will do to the disk if it is in UEFI mode. The most important takeaway is that BIOS mode means the disk will be formatted in MBR layout, and UEFI means it will be formatted in GPT layout.

mbr2gpt-05
(Tap or click for larger view)
mbr2gpt-06
(Tap or click for larger view)

Legacy versions of Windows aren’t officially supported. If you successfully convert the partition type into GPT layout, you’ve stepped out of the realm of support. Typically, “not officially supported” means it can likely be done, but it isn’t well tested internally, so you’re on your own if something goes wrong or if you have questions. It would be better to upgrade the system to a version of Windows that is supported.

Once the disk layout has been converted, you cannot undo it. Furthermore, if the layout was performed during an in-place upgrade, you will not be able to go back to a previous version of Windows. I was able to test and validate this limitation in all three major PC vendors (Dell, Lenovo, HP).

To use the tool, the disk to be converted needs to have less than four partitions (meaning three partitions is the maximum). In testing the conversion tool, it was noted that Dell models create an extra recovery partition during an in-place upgrade, which can cause the conversion tool to fail if you hit the limit of partitions before the upgrade runs. To get around this, I deleted all recovery partitions, leaving the PC with only two partitions. During the in-place upgrade, the Dell PC created a third partition (as expected) that didn’t cause the conversion tool to fail. The HP and Lenovo models I tested did not create extra partitions during the in-place upgrade.

If you are going to use one sequence to handle all hardware models, ensure that you are supplying the correct driver package for the model running the upgrade and that the engine can read and process the variable. If the variable you set on your driver package is incorrect, setup.exe will not use it. While the discussion about why you need to provide driver packages during an in-place upgrade is a bit off topic, it is important to note. It matters because some of the vendor models that I tested failed the MBR2GPT.exe conversion later in the in-place upgrade when I did not also provide driver packages to them. This may not be true for every vendor model, but it happened consistently enough in my testing to be deemed important to take note of.

How Do I Check What Partition Type My Disks Are Using?

Open an administrative command prompt and type the following:

diskpart

select disk <disk number>

list part

sel part <partition number>

detail part

If the disk is using MBR partition type, it will display 07 for the type in the detail part command as pictured below on this Windows 7 PC.

mbr2gpt-07
(Tap or click for larger view)

diskpart

list disk

Any disk with an asterisk under GPT in the table is in GPT layout as pictured on this Windows 10 PC.

mbr2gpt-08
(Tap or click for larger view)

Troubleshooting

When the MBR2GPT.exe tool is run, it creates four logs in the %windir% directory (C:\Windows). The four logs are setuperr.log, setupact.log, diagerr.xml, and diagwrn.xml with setuperr.log having the most detailed information. In the example below, I ran the tool and saw in setuperr.log that it failed because there are too many partitions.

mbr2gpt-09
(Tap or click for larger view)

A full list of error codes for the tool can be found on TechNet under the Return Codes section here docs.microsoft.com. Note that these error codes are specific to the tool itself and shouldn’t be confused with error codes that the Windows 10 setup or the Task Sequence engine may throw.

Real-World Applications

If you would like readymade sequences that handle both MBR2GPT.exe and BIOS to UEFI for both PC refresh/replace and in-place upgrade scenarios, I have created a document that walks through the setup of both scenarios on Adaptiva’s SCCM Academy. The community solution is free, and includes two Task Sequences that can be imported into your environment. It’s up to you to provide all the dependencies (1703 Boot Image, Vendor Tools for BIOS to UEFI, etc.). However, these are working sequences that I have run against all three vendors in my lab, and they could save you days of works.

You can download the Secure 10: BIOS to UEFI 2017 Update Document and Task Sequences from: http://www2.adaptiva.com/l/139131/2016-07-18/j7lfk.

Happy migrating!

https://drive.google.com/file/d/0B9QRmfO509o6WFF2WXdfd2xTOWs/view

resources-ami-castoAmi Casto is the technical evangelist for Adaptiva. If you have questions or problems using these task sequences, tweet her at @adaptivaami.

Screen Shot 2017-04-12 at 10.22.26 AM

If you are an IT professional responsible for maintaining thousands or millions of Windows endpoints, questions like this may be keeping you up at night:

  • Are you sure all your applications—security, in-house and third-party—are current, configured correctly and running successfully?
  • Do you know if all your Windows endpoints are operating within company policies for privacy, security and regulatory compliance?
  • If you discover a security breach or vulnerability, do you a have the ability to quickly find out which machines are affected, and automatically remediate them across a global enterprise?

When you combine SCCM with Adaptiva Client Health™, you can rest easy.  Adaptiva Client Health lets SCCM handle those things quickly, easily and automatically. Some of the largest companies in the world, including many in the Fortune 500 and Global 1,000, are using Client Health. One international bank runs 800,000 health checks on its endpoints daily to instantly detect and remediate possible issues.

Client Health At-a-Glance

When SCCM 2012 was released, Microsoft included a tool called CCMEval (a.k.a. SCCM Health Checks). It includes pre-defined health checks and remediations aimed at maintaining the health of SCCM client agent itself.

While Adaptiva Client Health comes with over twice as many pre-built health checks and remediations as SCCM, static checks are just a tiny fraction of what Adaptiva Client Health does. This table provides a quick look at what Adaptiva adds to SCCM.

Screen Shot 2017-04-12 at 10.38.04 AM

Custom Health Checks and Remediations

While SCCM Health Checks are limited to a pre-defined set of checks and remediations, Adaptiva Client Health provides a visual WorkFlow Designer and Engine. Workflows are easy to build and simple to deploy. Adaptiva Client Health can quickly detect, troubleshoot and remediate issues across hundreds of thousands of systems—all automatically. This table shows some basic capabilities, but the possibilities are limitless and can be infinitely more powerful.

Screen Shot 2017-05-01 at 3.06.31 PM

Summary

For smaller companies concerned only with the health of the SCCM client itself, and running Microsoft security technologies exclusively, the native SCCM Health Checks may meet your limited needs. For companies looking to maintain the health and security of all settings and applications, as well as Windows itself, Adaptiva Client Health gives SCCM true global health automation. Adaptiva also gives administrators the flexibility to easily create their own checks and remediations as new endpoint health, security and compliance issues arise. Also, if a company is using third-party security software, Adaptiva can ensure your endpoints are properly secured.

For more information about how Adaptiva Client Health can help you rest easy, request a free product demo.

Screen Shot 2017-04-12 at 10.22.47 AMBill Bernat is the director of product marketing at Adaptiva.

training

Tomorrow, Friday, August 14th, there will be free online training event for Windows 10 in the Enterprise hosted by Microsoft Technical Evangelist Simon May.

 

The methods for provisioning and managing devices are changing rapidly with Windows 10.   There are opportunities to drastically rethink the way devices receive compliance settings, software, and updates which allow IT organizations to be far more agile than they have been. Improvements to Azure AD Domain Join, Microsoft Intune, and a slew of other cloud technologies also have the potential for changing the way IT challenges had been overcome in the past.

 

Check this session out for everything you need to get your IT organization ready for Windows 10 in the enterprise. Simon will talk about changes to deployment, servicing, and new features that IT departments will want to be on top of.

 

Register for the live online Windows 10 Jumpstart training with Simon May

 

While many enterprises have traditionally had a slow (or very slow) approach to testing and deploying new operating systems, Microsoft hopes to shatter that old paradigm with Windows 10.  Incredibly significant engineering investments have been made to enable highly successful in-place upgrades to Windows 10 from Windows 7 and Windows 8.1.  This means that starting to test and deploy the new operating system no longer requires full wipe and reloads, and business areas can identify devices for production pilots with minimal effort.

I hope that helps,

 

 

Nash

 

 

Hi All, Today I’m pleased to inform that the new beta version (v0.02) of the System Center 2012 R2 Configuration Manager Dashboard (CM12R2Dashboard) has been released. Overview The System Center 2012 R2 Configuration Manager Dashboard (CM12R2Dashboard) enables SCCM administrators and support team to monitor SCCM environment to take the right decision at the right time. It can provide status on client activity, client health, deployments, content status and much more and has been designed to provide clear information to support teams, SCCM administrators and managers. The CM12R2Dashboard is totally customizable allowing it to show the information that is required by the customer. It can determine, based on customized parameters, when the information is in a Warning or Critical states by changing the information background colour. It can run on Windows 7+ and Windows 2008+ with at least PowerShell 3.0 (recommended 4.0) and .Net Framework 4 and depends on the installation…

Read the complete blog: http://thedesktopteam.com/blog/raphael/system-center-2012-r2-configuration-manager-dashboard-updated/

Over the past few weeks I have been busy updating the System Center 2012 R2 Configuration Manager HealthCheck Toolkit (CM12R2HealthCheck) to the version 0.03 and today I’m pleased to say that is has been released. What is the System Center 2012 R2 Configuration Manager HealthCheck Toolkit? The System Center 2012 R2 Configuration Manager HealthCheck Toolkit (CM12R2HealthCheck) has been created to check for problem and/or misconfiguration in the SCCM environment and, when possible, will provide you with some solutions for problems. This version contains a series of bug fixes, performance improvements as well as new functionality. We also would like to add the following notes/requirements: We have tested this tool on a single primary site and single primary site with secondary sites. We do expect it to work on a CAS environment, however, we have not been able to test. We have run the tool remotely as well locally on the…

Read the complete blog: http://thedesktopteam.com/blog/raphael/confimgr-2012-r2-health-check-toolkit-beta-03/

reportin

SCCM 2012 Hardware Inventory Report

Unveil your Hardware Data

This SCCM 2012 hardware inventory report let you see all your hardware in a single view. No longer need to browse multiple built-in reports. Use it to quicky find a specific machine having particular specification (Disk, Cpu, Serial number…).

This report easily return valuable information to your management team :

How many computers our company owns ? How many DELL Optiplex 780 ?
Which computers are still running Windows XP or Windows 2003 ?
What’s the serial number of computer XYZ ?
We urgently need to update a specific hard drive firmware, which computer has the affected model ?

We split this SCCM 2012 hardware inventory report into 5 sections:

Details, System, Processor, Disk and Video Controller.

 

Continue to read the complete blog post here : http://www.systemcenterdudes.com/sccm-2012-hardware-inventory-report/

In part 1 of this SCCM 2012 R2 Installation Guide blog series, we planned our hierarchy, prepared our SCCM 2012 R2 Server and Active Directory.

In part 2, we installed and configured SQL in order to install SCCM 2012 R2.

In part 3, we installed a stand-alone SCCM 2012 R2 Primary site.

In the next 16 parts, we will describe how to install the numerous Site Systems roles available in SCCM 2012 R2. Role installation order is not important, you can install roles independently of others.

This part will describe how to install SCCM 2012 R2 State Migration Point (SMP).

Role Description

The State Migration Point stores user state data when a computer is migrated to a new operating system.

This is not a mandatory Site System but you need a State Migration Point if you plan to use the User State steps in your Task Sequence. These steps integrates with User State Migration Tools (USMT) to backup your user data before applying a new operating system to a computer.

 

Site System Role Placement in Hierarchy

The State Migration Point is a site-wide option. It’s supported to install this role on a child Primary Site, stand-alone Primary Site or Seconday Site. It’s not supported to install it on a Central Administration site.

Beginning with SCCM 2012 R2, the State Migration Point can be installed on the site server computer or on a remote computer. It can be co-located on a server that have the distribution point role.

SCCM 2012 State Migration Point Installation

  • Open the SCCM console
  • Navigate to Administration / Site Configuration / Servers and Site System Roles
  • Right click your Site System and click Add Site System Roles
  • On the General tab, click Next

Continue to read the complete blog post here : http://www.systemcenterdudes.com/how-to-install-sccm-2012-state-migration-point/

migration

Hi All, last week, i was helping a customer with their migration from SCCM 2012 R2 to SCCM 2012 R2 CU4. There were already many things that had happen, collection migration, etc.. but the consultant that was performing the migration, wasn’t able to finish the job, so, i was called in. During the migration, we migrated couple of clients to test the migration script/GPO and we noticed the application catalog (probably the most used feature for them) wasn’t returning any result, however, when my user was logged on, i was able to see the applications that were deployed to “All users” collection. Looking at the logs, i saw on the policy logs, that the user policy was always with “0” assignments and so, it was not bringing anything to the Application Catalog. I tried to reset the policy, reinstall the client but none of those things worked. Looking further, on…

Read the complete blog: http://thedesktopteam.com/blog/raphael/sccm-2012-application-catalog-and-migration/

A question came up on the myITforum mssms email list this morning about the average package and application size of everyone’s ConfigMgr environment.

I look at the package size data all the time in the console, so I knew it was buried in SQL somewhere, I just had to find it. Low and behold v_PackageStatusRootSummarizer had what I needed, SourceSize represented in KB.

I threw that together in a quick SQL query and created a quick way to gather the average size of all your package types!

select pkg.PackageType [Type Number],
   case pkg.PackageType
   when ‘0’ then ‘Package’
   when ‘3’ then ‘Driver Package’
   when ‘4’ then ‘Task Sequene’
   when ‘5’ then ‘Software Update Group’
   when ‘257’ then ‘OS image’
   when ‘258’ then ‘Boot image’
   when ‘8’ then ‘Application’
   end [Type Name], AVG(psrs.SourceSize)/1024 [Avg size in MB],
   count(*) [Count]
from v_PackageStatusRootSummarizer PSRS join
v_package pkg ON psrs.PackageID = pkg.PackageID
group by pkg.PackageType
order by PackageType

and the results!

Type Number Type Name Avg size in MB Count
0 Package 105 803
3 Driver Package 315 25
4 Task Sequene 0 46
5 Software Update Group 639 12
8 Application 277 205
257 OS image 7546 5
258 Boot image 304 3

Originally posted at http://www.potentengineer.com/calculating-the-average-size-of-all-package-types-in-configmgr

 

 

Hi all Are you looking to be the SCCM automation hero? Look no further with my SCCM & PowerShell automation course I’ll be delivering a 3 days online course next July. The next course is scheduled to happen on 08, 09 and 10 July 2015 In this class, you’ll learn how to use Windows PowerShell to automate the deployment and management of a SCCM 2012 R2 environment What you’ll see/learn* – Overview of Automation, PowerShell and WMI – PowerShell, the basics – Tools & Resources – Deploying and Managing sites – Deploying and managing site system roles – Administrative Tasks – Assets and Compliance Tasks – Software Library Tasks – Console Extension – custom scripts and custom forms – Client Management (including Remote Management) *it may be subject to change During this course, you’ll have remote access to a lab environment where you will be able to learn while using….

Read the complete blog: http://thedesktopteam.com/blog/raphael/becoming-a-sccm-automation-hero-sccm-powershell-automation-course/

Hi All, when i was preparing the presentation for the thedesktopteam workshop day last year (http://thedesktopteam.com/blog/raphael/workshop-day-5th-april-2014-london/), i created few scripts to add requirements to a existing application/deployment type. by the time, i tought that this was too advanced for what i wanted to deliver on that workshop and because work related stuff, i never had a change to publish it. Few days back, i was speaking with Rick and he told me that it was impossible to achieve some of the requirements via script/powershell and i said it was possible and i had a script for it. what he was trying to do is to add a OS requiement for an application. to clarify my answer, the ConfigMgr console is also a “script” language. of course, it probably uses c# or c++, but it is a compiled script, so if they can, any other scripting language also can do, we…

Read the complete blog: http://thedesktopteam.com/blog/raphael/sccm-2012-add-cmdeploymenttypeglobalcondition/

Today as most have read or heard, the latest service pack for System Center 2012 Configuration Manger dropped. If you haven’t read about it, check out the official announcement: Announcing the availability of System Center 2012 R2 Configuration Manager SP1 and System Center 2012 Configuration Manager SP2. Also, here’s a great supplemental article on what’s in this release: The Strategy Behind Today’s Service Packs for System Center Configuration Manager.

Everyone cheered this until they saw two download files; that’s where the madness starts. Well, not really. It’s only madness if you let it be and don’t follow the directions posted.

The first thing to know is that from a binary perspective, ConfigMgr 2012 R2 SP1 and ConfigMgr 2012 SP2 (non-R2) are exactly the same. The only difference is a hidden, well protected switch that tells ConfigMgr if it is R2 or if it isn’t. If it is, the additional feature set in R2 is of course enabled. This results in a single code-base which in turn enables the product team to not have to manage multiple branches of code — it’s all the same now as far as 2012 goes.

Key Point
From a binary perspective, ConfigMgr 2012 R2 Service Pack 1 and ConfigMgr 2012 Service Pack 2 (non-R2) are exactly the same.

And that’s where the two files come in. The first, named SC2012_SP2_Configmgr_SCEP.exe, is the self-extracting executable that contains the full installation of ConfigMgr 2012 R2 SP1 and ConfigMgr 2012 SP2 — although remember these are actually the same so it’s really only one installation with two different names. Running setup from these files will result in one of three things:

  • Installation of a new 2012 SP2 site
  • Upgrade of an existing 2012 SP1 (or no SP) site to 2012 SP2
  • Upgrade of an existing 2012 R2 site to 2012 R2 SP1

If one of these is your end goal, that’s it, your done. Move along and start being productive again. If however, you are installing a new site and are entitled R2 or have recently purchased R2 (by adding software assurance), then the second set of files is also for you.

The second self-extracting executable, named SC2012_R2_SP1_Configmgr.exe, which most folks noticed is much smaller, contains files that do not install or upgrade anything. I’ll say that once again to drive it home: it doesn’t install or upgrade anything. Selecting Upgrade from the splash.hta in these files does one thing and one thing only:

  • Converts an existing ConfigMgr 2012 SP2 (non-R2) site into a ConfigMgr 2012 R2 SP1 site.

That’s it. If your site is already an R2 site, do *not* run Upgrade from these source files — it won’t let you anyway and you’ll just get confused.

Recall, as mentioned above a couple of times, that there is no difference between these two versions at a binary level (although I’m sure there are some minor other difference like splash screens and graphics). Thus, this so-called upgrade merely flips the switch telling the site that it is now 2012 R2 SP1 (and replaces those other minor things like graphics). Do note of course that only folks that own ConfigMgr 2012 R2 (presumably because that have software assurance on ConfigMgr) should ever run this to get to 2012 R2 SP1.

The end result here is that 2012 R2 is more or less like a feature pack just like 2007 R2 and 2007 R3 were and the above is nearly identical to that scenario.

Also, don’t get caught up in the splash screen for the first set of files above saying “Install” when you are expecting to upgrade to R2 SP1 or non-R2 SP2. It is an install. It’s a complete binary level replacement/installation of all files just like the 2012 R2 installer does to 2012 SP1. If you launch the 2012 R2 splash screen on an existing 2012 SP1 site, it will say Install also.

The below table summarizes these five simple scenarios. No madness here.

Have Want Use
Nothing ConfigMgr 2012 SP2 SC2012_SP2_Configmgr_SCEP.exe
Nothing ConfigMgr 2012 R2 SP1 SC2012_SP2_Configmgr_SCEP.exe+SC2012_R2_SP1_Configmgr.exe
ConfigMgr 2012 SP1
(or no SP)
ConfigMgr 2012 SP2 SC2012_SP2_Configmgr_SCEP.exe
ConfigMgr 2012 SP1
(or no SP)
ConfigMgr 2012 R2 SP1 SC2012_SP2_Configmgr_SCEP.exe+SC2012_R2_SP1_Configmgr.exe
ConfigMgr 2012 R2 ConfigMgr 2012 R2 SP1 SC2012_SP2_Configmgr_SCEP.exe

Here’s another article from Michael Griswold that will hopefully help clarify things if you are still confused (even though the title contains something called “SCCM” as I’m not sure what that is — a web search tells me it’s a computer club in Munich for senior citizens): SCCM 2012 SP2 and R2SP1 – From here to there and the official guidance is at About the versions of System Center 2012 Configuration Manager.

The post Service Pack Madness appeared first on ConfigMgrFTW!.