Thursday, December 22, 2016

System Center Endpoint Protection Cookbook

The latest book about Microsoft Antimalware solution Windows Defender also known as Endpoint Protection within System Center Configuration Manager
sccm scep endpoint protection antivirus antimalware cryptolocker ransomware


With this book I hope to share with you my knowledge and real life customer experience about Microsoft Antimalware product Endpoint Protection (SCEP) or Windows Defender. Also how to deal with malware attacks, and protect your business Workstations and Servers from Crypto virus and other Ransomware.



I'm very gratefull to have Microsoft MVP Ronni Pedersen helping me reviewing the book and giving me good feedback along the way. Thank you!



Order now from



And just received a renewal for my MVP Award 2017 Enterprise Mobility as well!! 
On my 6th year as an Microsoft MVP now. 
Very grateful and happy :-)
Thank you Microsoft!






Protect your computers with a good antimalware solution, against malware exploits cryptolocker crypto virus locky zepto cerber and other ransomware trojans


Ransomware, Cryptolocker, Locky, Zepto, Malware, Antimalware, Applocker, Software Restrictions, Endpoint Protection, Windows Defender, Trojan, Exploits, EMET, SCCM, Configmgr, SCEP, Wannacry, WannaCrypt

Friday, May 20, 2016

SCCM 1602 New Features

Upgrade to 1602 done with great ease in the new Upgrade model in Configmgr, first time actually since the new plattform 1511


New features in version 1602 are:

  • In-place upgrade the operating system of site servers that run Windows Server 2008 R2
  • SQL Server AlwaysOn availability groups
  • Windows 10 servicing
  • iOS app configuration policies
  • Manage volume-purchased iOS apps
  • Automatic creation of Office mobile apps
  • Manage Office 365 client updates
  • Compliance settings for devices running Windows 10 team
  • Kiosk mode settings for Android Samsung KNOX devices
  • Conditional access for PCs managed by System Center Configuration Manager
  • Restricting access based on device Health Attestation status
  • New compliance policy rules
  • Make sure enrolled and compliant devices always have access to Exchange On-Premises
  • Client online status
  • Refresh PC machine and user policy from Software Center
  • Software Center branding changes
  • Health Attestation
  • Improvements to Endpoint Protection antimalware settings
  • iOS Activation Lock
  • Monitor terms and conditions deployments

Source: https://technet.microsoft.com/en-us/library/mt622084.aspx#bkmk_1602






Versioning in Configmgr is new.
The 1511 build is the first base build of the new Configuration Manager platform. Microsoft will not brand it 2016 version, because it will be continuously updated over the years with new builds. Indicating the first two digits the year and the second two the month it's released.


1511 is the latest full version you can install when setting up a new Configmgr hierarchy in your business. From there you can upgrade within the console very easy to the next version that is in the writing moment 1602. Meaning it was released in February 2016.


Precheck flight and Upgrade done within the Console






And Status after the Upgrade

Task Sequence Deployment Status with Action Output

Some of the new features I say very welcome to are that we can now see Action Output on the Task Sequences viewed in Monitoring - Deployments




And the New Production Client Deployment status is very Welcome. This came actually in version 1511





Endpoint Protection has a new Feature called "Potentially Unwanted Applications"

That captures application files that contains program code that you most likely dont want on your machine, that possibly someone other than the vendor put there.
Like unwanted toolbars, adware, malware, password stealers and so on.
This is a very welcome new feature as we face more and more treats these days.

This feature is enabled by default in the Endpoint Protection Policy, so its active once you have upgraded Configmgr and Clients to 1602. And the Scanning is in Real-Time.

You can monitor what it has found on both local drives and network file shares in the Endpoint Protection Status view - Malware Detected





More Client Notification Options



Friday, February 26, 2016

Configmgr 1511 New Features

The new version of System Center Configuration Manager are released with its version name 1511




These are the new features that you will find in the Console after looking around.
I'll go through some of them.

Site Servicing Status is a BIG news on the 1511 version and will be the place where you will find new versions of Configmgr. Easy to upgrade. So it keeps the release pace with Intune and Windows 10.   This is very very good.























Support for the new Classification - Upgrades.   This delivers new Windows 10 builds.

But be carefull with this as it may cause massive download on your Distribution Points.
Read more Kent Agerlunds blog http://blog.coretech.dk/kea/windows-10-servicing-in-configmgr-1511/

Also you need some Hotfix on your WSUS for this to work first.
https://blogs.technet.microsoft.com/configurationmgr/2016/01/28/hotfix-windows-10-upgrades-are-not-downloaded-in-system-center-configuration-manager-1511/



Very nice Option to check.
If you are running Windows 2008 R2 WSUS, you might want to take an extra look that its able to clean up succesfully without crashing.
Finally!! :) This will be exciting to do some more testing on.
With SCCM 2012 there was a big change in how deployments were presented.
Deployments to Computers were shown in the Software Center client, and Available User Deployments were shown in the Application Portal. Great Self Service Portal, that you can publish all your software applications for the users to pick up and install when they want.

Now with this you Software Center Client, users will be able you see both the Computer and User based Deployments in the Software Center view.








And yes Building and Capturing a Windows 10 Image works, with Updates!!  :-)

Configmgr Performance Tuning


Microsoft best practice for ConfigMgr is for all disk queue lengths to be < 2

If you experience sluggish poor performance on your Server, you might want to check on the Disk Queue lenght as well as the traditional CPU and Memory.

Very often on Virtualized environments like VMware and Hyper-V I see poor disk performance. But it can also be more hidden and difficult to discover from within the VM. Like to many IOPS and high memory usage on the Host. Then you need tools and performance monitoring on the actual Hosts.


If your Server Application in example Configmgr are still running slow after checking the things mentioned above, then it might be your SQL server not performing well.
Then have a look at this blogpost.
http://www.sccm.biz/2015/02/configmgr-why-you-need-to-implement-dns.html


Also what Powerplan are you currently running on your Windows Server.

High Performance if you want High Performance :)



Thursday, January 14, 2016

Powershell to create Collections in Configmgr





Remember to Update your Powershell Module first



-----------

# Variables
$PWDBegin = $PWD
$CMSiteCode = "XXX" # Change this - This should be your site code
$CMModule = "D:\Microsoft Configuration Manager\AdminConsole\bin\ConfigurationManager.psd1" # Change this - This should point to the CM module

Import-Module $CMModule
$CMSiteCode = $CMSiteCode + ":"
Set-Location $CMSiteCode
$schedule = New-CMSchedule -RecurInterval Days -RecurCount 7

New-CMDeviceCollection -Name "Windows 8" -LimitingCollectionId "SMS00001" -RefreshSchedule $schedule
Add-CMDeviceCollectionQueryMembershipRule -CollectionName "Windows 8" -QueryExpression "select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.OperatingSystemNameandVersion like 'Microsoft Windows NT Workstation 6.2%'" -RuleName "Windows 8"
New-CMDeviceCollection -Name "Windows 8.1" -LimitingCollectionId "SMS00001" -RefreshSchedule $schedule
Add-CMDeviceCollectionQueryMembershipRule -CollectionName "Windows 8.1" -QueryExpression "select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.OperatingSystemNameandVersion like '%Microsoft Windows NT Workstation 6.3%'" -RuleName "Windows 8.1"
New-CMDeviceCollection -Name "Windows 10" -LimitingCollectionId "SMS00001" -RefreshSchedule $schedule
Add-CMDeviceCollectionQueryMembershipRule -CollectionName "Windows 10" -QueryExpression "select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.OperatingSystemNameandVersion like '%Microsoft Windows NT Workstation 10%'" -RuleName "Windows 10"
New-CMDeviceCollection -Name "Windows 7" -LimitingCollectionId "SMS00001" -RefreshSchedule $schedule
Add-CMDeviceCollectionQueryMembershipRule -CollectionName "Windows 7" -QueryExpression "select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.OperatingSystemNameandVersion like '%Microsoft Windows NT Workstation 6.1%'" -RuleName "Windows 7"
New-CMDeviceCollection -Name "Windows Vista" -LimitingCollectionId "SMS00001" -RefreshSchedule $schedule
Add-CMDeviceCollectionQueryMembershipRule -CollectionName "Windows Vista" -QueryExpression "select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.OperatingSystemNameandVersion like '%Microsoft Windows NT Workstation 6.0%'" -RuleName "Windows Vista"
New-CMDeviceCollection -Name "Windows XP" -LimitingCollectionId "SMS00001" -RefreshSchedule $schedule
Add-CMDeviceCollectionQueryMembershipRule -CollectionName "Windows XP" -QueryExpression "select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.OperatingSystemNameandVersion like '%Microsoft Windows NT Workstation 5.1%'" -RuleName "Windows XP"

New-CMDeviceCollection -Name "Windows Server 2012" -LimitingCollectionId "SMS00001" -RefreshSchedule $schedule
Add-CMDeviceCollectionQueryMembershipRule -CollectionName "Windows Server 2012" -QueryExpression "select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.OperatingSystemNameandVersion like '%Microsoft Windows NT Server 6.2%'" -RuleName "Windows Server 2012"
New-CMDeviceCollection -Name "Windows Server 2012 R2" -LimitingCollectionId "SMS00001" -RefreshSchedule $schedule
Add-CMDeviceCollectionQueryMembershipRule -CollectionName "Windows Server 2012 R2" -QueryExpression "select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.OperatingSystemNameandVersion like '%Microsoft Windows NT Server 6.3%'" -RuleName "Windows Server 2012 R2"
New-CMDeviceCollection -Name "Windows Server 2016" -LimitingCollectionId "SMS00001" -RefreshSchedule $schedule
Add-CMDeviceCollectionQueryMembershipRule -CollectionName "Windows Server 2016" -QueryExpression "select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.OperatingSystemNameandVersion like '%Microsoft Windows NT Server 10%'" -RuleName "Windows Server 2016"
New-CMDeviceCollection -Name "Windows Server 2008 R2" -LimitingCollectionId "SMS00001" -RefreshSchedule $schedule
Add-CMDeviceCollectionQueryMembershipRule -CollectionName "Windows Server 2008 R2" -QueryExpression "select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.OperatingSystemNameandVersion like '%Microsoft Windows NT Server 6.1%'" -RuleName "Windows Server 2008 R2"
New-CMDeviceCollection -Name "Windows Server 2008" -LimitingCollectionId "SMS00001" -RefreshSchedule $schedule
Add-CMDeviceCollectionQueryMembershipRule -CollectionName "Windows Server 2008" -QueryExpression "select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.OperatingSystemNameandVersion like '%Microsoft Windows NT Server 6.0%'" -RuleName "Windows Server 2008"
New-CMDeviceCollection -Name "Windows Server 2003" -LimitingCollectionId "SMS00001" -RefreshSchedule $schedule
Add-CMDeviceCollectionQueryMembershipRule -CollectionName "Windows Server 2003" -QueryExpression "select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.OperatingSystemNameandVersion like '%Microsoft Windows NT Server 5.2%'" -RuleName "Windows Server 2003"

New-CMDeviceCollection -Name "All Windows Servers" -LimitingCollectionId "SMS00001" -RefreshSchedule $schedule
Add-CMDeviceCollectionQueryMembershipRule -CollectionName "All Windows Servers" -QueryExpression "select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.OperatingSystemNameandVersion like '%Microsoft Windows NT Server%'" -RuleName "All Windows Servers"
New-CMDeviceCollection -Name "All Windows Workstations" -LimitingCollectionId "SMS00001" -RefreshSchedule $schedule
Add-CMDeviceCollectionQueryMembershipRule -CollectionName "All Windows Workstations" -QueryExpression "select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.OperatingSystemNameandVersion like '%Microsoft Windows NT Workstation%'" -RuleName "All Windows Workstations"

Set-Location $PWDBegin

----------

Onedrive link to Powershell Script:
https://1drv.ms/u/s!AggfKwD7Gzp_grFSbG2DlaEXVxB4Sw


Use at your own risk.


Nice if you let me know if this is usefull for you in comments below.

Thanks

Tuesday, January 5, 2016

MVP 2016 :-)



Dear Nicolai Henriksen,

Congratulations! We are pleased to present you with the 2016 Microsoft® MVP Award! This award is given to exceptional technical community leaders who actively share their high quality, real world expertise with others. We appreciate your outstanding contributions in Enterprise Mobility technical communities during the past year.

Fantastic news for me and I'm very grateful! :-)
Thank you Microsoft

On my fifth year now


Kind regards,
Nicolai


Friday, November 20, 2015

Thursday, November 19, 2015

Windows 10 on MAC



Installed Windows 10 on Your MAC and want to have 100% disk available?

You have the option to Install Windows 10 with the 100% capacity of your disk at once using a Boot Camp USB Boot stick, or you can install it using Boot Camp from within your MAC OS X and have booth available and switch between what you want to run.

And I did the second option like probably most people did because we was not sure how well Windows would run on a MAC hardware. Well its really similar to a PC and it all comes down to drivers to support the platform. And I got to say the MAC hardware is pretty cool, fast, durable and slick piece of machinery made in aluminium.    Not in the end its not perfect match for running Windows though, because the keyboard has some symbols in the wrong place, like @. But you'll get use to that without looking pretty fast.

---
Mac models that support Windows 10
https://support.apple.com/en-us/HT204990#models

How to install a fresh new Windows 10 on your Mac
https://support.apple.com/en-us/HT204990
---

Alright, so I like it so much that I don't want my OS X anymore!
And I wanted to have 100% of my Disk available for Windows 10!

My configuration had been for a couple of months a split 50% disk in the MAC OS X world and 50% for the Windows 10. All good.

If you are thinking of running Hyper-V or another hypervisor virtualization on Windows 10 on your Macbook. Stop now and think before you act. You might not wanna go there!

Running Hyper-V are working fine in it self. Little adjustments and tweaks to get the resolution and scaling to look good.... not perfect yet. But perhaps in next bootcamp driver update.. I hope.
BUT only for a while...  You might probably run into that suddenly your vt-x Virtualization gets disabled along with you GPU. Fix for this is boot into OSX and then back to Windows again, as the OSX enables vt-x when booted and add this config to some sort of memory NVRam perhaps, not sure. And after turning of, booting resetting your Windows some times and not booting the OSX it suddenly switches off the vt-x, and you have no BIOS or UEFI config to enable this like in a ordinary PC. This has to be switched on by the software, bootloader or OS.
This part is kind of bad! But will probably be fixed in future Bootcamp drivers and Windows 10.
The quick and dirty fix to this with help from my fellow colleague Ole Idar, I had to add some UEFI bootloader and the result of that is that on every boot it will boot into a boot menu in order to turn on vt-x again.  Will write more soon.    Hopefully in near future Microsoft and Apple will work this out in a smoother way.


So in order to fix this, you need to follow the instruction in the Windows section on this page:
http://www.rodsbooks.com/refind/installing.html#windows

After that your Macbook will always boot into this bootmenu and autoselect Windows 10 after 15sec.
Thats it, and of course with virtualization Enabled. If not, boot once into the middle selection and then choose the Windows 10 selection on the left.

Moving on...    (you are warned)


Also remember to have the latest Boot Camp. This is actually the drivers you need for getting Windows to work with the MAC. Latest version fixes a couple of thing and the Sleep mode problem that have existed for a while running Windows on a MAC. There have also been issues with high battery consumption, all though I have not had any problems with this on latest release of Boot Camp and latest Windows 10.        (pardon the Norwegian text on screen shoot beneath)



Alright, So back to destroying OS X.

I didn't find much information about this on the internet. Actually you find pretty much information about how to get rid of your Boot Camp Windows installation on a MAC. But not the other way around. And all information about how to install Windows using Boot Camp you will be told that you can Never re-size or change your Boot Camp partition after you have set it to a size.
Now I didn't want to believe this and had to give it a try. And I needed the disk space Now!

Remember to backup your data files before continuing. As this is on your on risk. No guaranties! but it worked for me:-)


This is what I did.

First! Ensure you MAC boots into the Windows at automatically on every boot using the Boot Camp control utility.   (you will have both the BOOTCAMP and OSX listed).

Test this by rebooting your MAC and it should automatically start into Windows every time.

Then

Start Disk Management in Windows and it should look something like this


Start deleting partitions...   carefully, you want to keep your BOOT CAMP NTFS partition.


So then, this is what it looks like.
OS X is now destroyed!


And you will only see the BOOTCAMP Windows partition in the Boot Camp Control Panel



So, all good.
But I cannot ReSize my Windows partition using the built in Disk management tool.
Perhaps you could use the MAC OSX boot USB Stick to resize it. But I didn't bother trying that.
And you could surly use many different Third party Partition Tools, but the one I used are free and worked for me. Supports Windows 10. It's Called Minitool Partition Wizard.
http://www.minitool.com/partition-manager/partition-wizard-home.html

Pretty easy to use.



Resize the BOOTCAMP parition to use the Unallocated space.




After Applying and Rebooting I now have 100% disk capasity in my Windows :-))  wooohoo!!



Renaming it to something better than BOOTCAMP...


Removing the Disk utility as I don't need that anymore.




Another thing, you might experience that scrolling the mouse up and down at pages are to fast. Try adjusting this setting down to 2 or 1.



Trackpad gestures in Mac are still better, but I would guess that Windows 10 are getting better every day as software and drivers are updated.
And you might want to get the Trackpad scrolling normal for Windows and not the Mac way, you have to edit registry for that:
http://tsentas.net/windows-bootcamp-reverse-scrolling/



Remember if you do the steps above there is no way back.
It would mean formatting the harddrive and starting over.

Also it would be wise to create and OSX USB install media with latest version available on your Mac OSX and store it safe. In case you should want to reinstall your MAC back original.
Or ofcouse if you have a newer MAC you could press CMD + R and boot into internet and it would download and install latest OSX. Now this is just amazing feature Apple has, there is just nothing like it!



In the End, my advice to you is
-Keep you MAC OSX as it is and add Windows 10 in an Dual boot option with Boot Camp!  And you'll probably need a bigger Windows 10 partition than the OSX partition.

With this you can keep you MAC as it is, still boot into OSX once n a while to upgrade the System Firmware, maybe use it for private stuff like browsing, listening to music, streaming airplay and for that OSX with its superb mouse gestures and smooth scrolling it fantastic!

Then for work and business, Microsoft office, Skype, presentations, Hyper-V, Onedrive,  boot into Windows 10! 

And if your Virtualization feature on CPU should be disabled and you want to enable it. Boot back into your MAC OSX and do this:

"Instead of booting into Windows by holding the option key on startup, boot in to OS X. Then go to System Preferences -> Startup Disk and choose your Boot Camp partition. The computer will restart and boot into Windows, with virtualization enabled."


Enjoy! :-)


Tuesday, October 27, 2015

Prepare for Windows 10






Must be Configuration Manager 2012 R2 SP1 (SP2)

Cummulative Update 2 

https://support.microsoft.com/en-us/kb/3100144


Windows Assessment Deployment Kit must be Win 10
http://go.microsoft.com/fwlink/p/?LinkId=526740


SQL 2012 SP2 or newer


Windows Server prefere WS 2012 R2   (can upgrade from WS 2012)

Remember to Disable antimalware when doing upgrade on the Server.
Other tools that are nice to have is:
You will also need WinPE 10 Drivers if available, for Windows 10 Boot Image.
----
SETUP.EXE includes a command line switch that tells it to “check for compatibility” but not actually perform the upgrade.  The full command line would typically look something like this:

SETUP.EXE /Auto Upgrade /Quiet /NoReboot /DynamicUpdate Disable /Compat ScanOnly


Possible Errors could be:





  • No issues found:  0xC1900210
  • Compatibility issues found (hard block):  0xC1900208
  • Migration choice (auto upgrade) not available (probably the wrong SKU or architecture)· 0xC1900204
  • Does not meet system requirements for Windows 10: 0xC1900200
  • Insufficient free disk space: 0xC190020E



  • Microsoft Assessment and Planning Toolkit
    http://www.microsoft.com/en-us/download/details.aspx?id=7826

    And also Windows 10 Drivers, but if its not available for that model or brand. Then you can use Windows 8.1 or Windows 8.


    SETUP.EXE /Auto Upgrade /Quiet /NoReboot /DynamicUpdate Disable /Compat ScanOnly




     If it failes it mean that you may have an imcompatible hardware og application, or to little free diskspace. On 64bit you should have at least 20GB available.

    To investigate further what caused the Setup to fail during In-Place Upgrade Task Sequence deployment from Configmgr.
    Have a look in this folder on the Workstation:
    XML files in the C:\$windows.~bt\Sources\Panther


    Log file locationDescription
    $windows.~bt\Sources\Panther Log location before Setup can access the drive.
    $windows.~bt\Sources\Rollback Log location when Setup rolls back in the event of a fatal error.
    %WINDIR%\Panther Log location of Setup actions after disk configuration.
    %WINDIR%\Inf\Setupapi*.log Used to log Plug and Play device installations.
    %WINDIR%\Memory.dmp Location of memory dump from bug checks.
    %WINDIR%\Minidump\*.dmp Location of log minidumps from bug checks.
    %WINDIR%\System32\Sysprep\PantherLocation of Sysprep logs.