Why is it that the install updates step will only work if I have it joining the domain in the "Apply Network Settings" step. Other wise, the install updates step just starts at 0%, says detecting updates, and goes to the next step. Problem is that I'm running a build and capture task sequence and I'm getting an error (0x00000004) during the "Prepare OS" step which I believe is related to running sysprep when joined to domain not workgroup. Can someone give me a clue?

Hi, If the computer is not joined to the domain it cannot use the site boundries published in AD, so if you install the client with SMSSLP=Server and install the Server Locator Point on the site server, you will see that it starts to work for you. regards, Jörgen-- My System Center blog ccmexec.com -- Twitter @ccmexec

When putting Software Updates in the Task Sequence, and the system is not yet domain member, add the next lines to the "Setup windows and ConfigMgr" step (SMSSLP=SERVERNAME.FQDN.COM SMSMP=SERVERNAME.FQDN.COM) http://henkhoogendoorn.blogspot.com/2011/02/handy-tips-and-tricks-for-configmgr.html My blogs: Henk's blog and Virtuall | Follow Me on: Twitter | View My Profile on: LinkedIn

got this in my "setup windows and configmgr" task sequence step SMSCACHESIZE=10240 SMSMP=mysiteserver.mydomain.local SMSSLP=mysiteserver.mydomain.local Only way it runs updates is if I join domain in "apply network settings" step still... HELP!!

Do you have a Server Locator Point installed already? Do you have advertised Software updates to the Collection where your client resides? That way Software updates will be installed during B&C when it's a member of a workgroup. At the point that Sysprep runs, the system must be a member of a workgroup. It's best for it to remain in a workgroup throughout the entire B&C process. No need to be domain member at all. My blogs: Henk's blog and Virtuall | Follow Me on: Twitter | View My Profile on: LinkedIn

yes there is a server locator point. I have advertised the updates to two collections: Unknown computers is one deployment A Windows 7 collection is another deployment It seems that it only works when joining the domain because that places the client into a known collection (Windows 7) that gets the software updates deployment. If it is still in a workgroup, the unknown collection deployment is not working. Is the computer still considered unknown at this point or should I target the deployment to another collection?

If it is still in a workgroup, the unknown collection deployment is not working. Is the computer still considered unknown at this point or should I target the deployment to another collection? I think it's not unknown anymore at this point because off ConfigMgr client installation? When I create a reference image and want updates in it, i don't advertise Software updates on the Unknown computer collection. Normally I import the computer with mac-address (so it's known) and place it in a Build & Capture collection. Then I advertise Software updates on that collection. That way (and place the SMSSLP & SMSMP rule) it works without adding the reference computer to the domain! 100% sure.My blogs: Henk's blog and Virtuall | Follow Me on: Twitter | View My Profile on: LinkedIn

Similar to the post here: http://social.technet.microsoft.com/Forums/en-US/configmgrosd/thread/4fae2e3a-4a28-41eb-822d-eab9fbc9c8dd/ I get an 8004005 error right after it says detecting updates, now this is ONLY when not joined to the domain...

When Software Updates are not installed during the Task Sequence, change the advertisement at Download Settings > Slow network boundary from "Do not install updates" to "Download software updates from distribution point and install". http://henkhoogendoorn.blogspot.com/2011/02/handy-tips-and-tricks-for-configmgr.html > 80004005 means in the most situations access denied. Check security on your NA account.My blogs: Henk's blog and Virtuall | Follow Me on: Twitter | View My Profile on: LinkedIn

does that mean that if I have AD site boundaries and I add SMSLP to the client install it will work for software updates or do I still have to add another boundary that the client is in if in workgroup?

As I said in my own thread. You do need to define the boundaries Active Directory boundaries work only for Active Directory clients.MCITP Server Administrator MCTS Configuration Manager MCTS Operations Manager Blog: http://www.nixadmins.net Twitter: Mats_Hellman

does that mean that if I have AD site boundaries and I add SMSLP to the client install it will work for software updates or do I still have to add another boundary that the client is in if in workgroup? The best you can do is configure boundaries based on IP-address ranges! Just make sure that all devices managed (also workgroup devices) are inside the boundaries configured in your environment. My blogs: Henk's blog and Virtuall | Follow Me on: Twitter | View My Profile on: LinkedIn

and if my distribution point is protected and I'd rather not unprotect, then would I add this boundary to it??

Yes, you would. Protecting distribution points means that clients form other boundaries can't access them. Mostly this is used if one distribution point is behind a slow connection and you really dont want clients from other subnets accessing this site, you protect it. The main site is usually unprotected since we mostly want to manage all clients one way or the other. From the ConfigMGR documentation, "Protecting a Microsoft System Center Configuration Manager 2007 site system means that clients outside of the protected boundaries will be unable to access the distribution point or state migration point roles on that site system. Protection is applied to the entire site system, not just to the properties of the site role. However, protection has no effect on any site system roles except distribution points and state migration points. " http://technet.microsoft.com/en-us/library/bb932133.aspxMCITP Server Administrator MCTS Configuration Manager MCTS Operations Manager Blog: http://www.nixadmins.net Twitter: Mats_Hellman

Yes, you would. Protecting distribution points means that clients form other boundaries can't access them. Mostly this is used if one distribution point is behind a slow connection and you really dont want clients from other subnets accessing this site, you protect it. The main site is usually unprotected since we mostly want to manage all clients one way or the other. From the ConfigMGR documentation, "Protecting a Microsoft System Center Configuration Manager 2007 site system means that clients outside of the protected boundaries will be unable to access the distribution point or state migration point roles on that site system. Protection is applied to the entire site system, not just to the properties of the site role. However, protection has no effect on any site system roles except distribution points and state migration points. " http://technet.microsoft.com/en-us/library/bb932133.aspxMCITP Server Administrator MCTS Configuration Manager MCTS Operations Manager Blog: http://www.nixadmins.net Twitter: Mats_Hellman