SCCM cannot encrypt Windows 7 during OSD

I came across this problem which manifested itself differently in a few cases but the most common result is something like this:

Windows 10 1511 (build 10586) includes a new bitlocker encryption, XTS-AES encryption algorithm, which cannot be read by earlier versions of Windows including Windows 7, 8/8.1 and 10 older than v1511.

The fix is documented here: and all credit goes to Anders Horgen for creating a PowerShell script to apply the fix. It may be a little overkill but it works so here it is: OSD_Set_BitLocker_Chiper-v1.0.0.ps1

Steps to implement this fix:

  1. Create a new package (or use an existing if you prefer)
  2. Add a new step to your TS just before Pre-provision BitLocker
  3. Fill it in something like this:

MDT and Language Issues

New issue here with deploying an automated MDT build of Windows 7.

I found after deploying that the clock was in US format, the keyboard – US, everything defaulted to US. I couldn’t find an obvious quick way of rectifying this through MDT, so here is the easiest solution, no rebuilds necessary. Not something I’d come across before using old skool hand made images.

When applying the image in an SCCM task sequence, specify an answer file. Here’s the answer file I created for Windows 7 SP1 x64: en-GB unattend

To create your own, follow the guide here:

Citrix Receiver install script

This is my script for installing Citrix Receiver. The reg changes are to stop it launching on startup and to stop the nag for a user e-mail address that it needs on first run. This still cannot be prevented (to my knowledge) if the user is logged on during install, so either make it available in SCCM Software Center or if you can garantee no user will be logged in during install (and won’t login half way through) then go for a required hidden install.


Resources for Upgrading from SCCM 2012 R2 to R2 SP1

Here are 3 handy resources to have a read through before going ahead with the upgrade.

Technet’s own

Well worth a read through the full section for the SP2 upgrade as it applies to R2 Sp1 too. So the check list, considerations and planning to upgrade to Sp1 right at the end of the article.

Test the database prior to upgrading

Expand the “To test….” section for better instructions on how.

And finally, a great Step-by-Step SCCM 2012 R2 Sp1 Upgrade Guide in pictures.

MDT Won’t Capture the WIM

So MDT won’t capture. Towards the end of BDD.LOG I get this:

The problem here became pretty much obvious on going just a few lines up:

About to run command:

Due to the default naming of the captured WIMs, you cannot capture the same task sequence twice in a single day without deleting/moving/renaming the first capture.

Posted in MDT

App-V 5.0 SP3 Server Install

Recently tasked with upgrading App-V 5 SP1 servers to SP3 I ran into difficulties with the database, deleting a table it wanted to later update. This was down to Microsoft getting the order of execution wrong in their readme file.

Here’s the correct order, a solution I found on technet:

1. CreateTables.sql
2. CreateStoredProcs.sql
3. InsertVersionInfo.sql
4. Permissions.sql
5. UpdateTables.sql

If you’ve already started running the SQL files and found the problem the hard way as I did, here is a fixed CreateTables.sql to re-create the table that was deleted prematurely. Just use it at step 1 in the order.


Recently attempting to repair a Windows 8.1 laptop, having trouble running sfc /scannow from a repair cd with this error:

“There is a system repair pending which requires reboot to complete. Restart Windows and run sfc again.”

Doing some searching I managed to find this useful tip and thought it was worth a share:

This error indicates that incorrect arguments were given, or there is a file that needs to be removed or renamed in the \Windows\winsxs\pending.xml path. For this installation, this is D:\Windows\winsxs\pending.xml.

For this particular system, this is the correct command to run based on the output of diskpart above

In the above example, OFFBOOTDIR should be the 100mb boot partition and OFFWINDIR should be your Windows directory.