Kaido Järvemets

About Kaido Järvemets

Configuration Manager MVP

Notes from the field: Deploying Windows 7

I never thought that I would write a blog post about deploying Windows 7 x64 in UEFI mode and TPM 2.0 in 2016. However, I understand that bigger enterprises aren’t 100% ready to deploy Windows 10 but you should definitely have a plan for that. In this blog post I will point out some of the key things regarding Windows 7 SP1 x64, UEFI and TPM 2.0 and maybe this will be helpful for others as well. My experience is with HP models, like the EliteBook 820 G3 / 840 G3 and HP Probook 640 G3 / 650 G3.   [...]

By | 2017-08-22T10:29:05+00:00 August 15th, 2016|OS Deployment, Windows Client|3 Comments

Create ConfigMgr Servicing Plans with Excel and PowerShell

Last week I posted one example how to create ConfigMgr Servicing Plans with PowerShell. In this post I will show you how to create Servicin Plans using Excel. Step 1 is to create a table like this If you have that table with necessary information or if needed you can add more data, then simply save it as a CSV file and import the data to PowerShell.   Here is one quick and simple example how to create these Servicing Plans based on a CSV file and if needed create the Device Collections as well. This example also assumes that [...]

By | 2016-05-31T21:32:16+00:00 May 31st, 2016|Configuration Manager (SCCM)|0 Comments

ConfigMgr cmdlets and Lazy properties

If you have worked with Configuration Manager before, then most probably you know that some of the WMI classes contain lazy properties. Microsoft cmdlets for ConfigMgr queries by default these lazy properties, for example If you query the same Device Collection directly through WMI, then you don’t see RefreshSchedule property value. If you need to query lazy properties, then you can use the .GET() method or [WMI] accelerator. Starting from 1604 cmdlets we have a new parameter called -FAST. Parameter FAST allows us to skip Lazy properties and this should make the queries much faster and should also lower the [...]

By | 2016-05-26T17:43:26+00:00 May 26th, 2016|Configuration Manager (SCCM)|0 Comments

ConfigMgr Move-CMObject issue and one possible workaround

If you have been following me in twitter, then most likely you already know that the Move-CMObject cmdlet is broken in 1604 release. Here is one quick examples that shows the error message. Microsoft already knows this issue and hopefully they can fix it quickly but meanwhile we need to find a workaround or do something else: 1. Uninstall 1604 cmdlets and go back to older version 2. Replace Move-CMObject with your own custom function - http://cm12sdk.net/?p=1006 3. NEW! Use Invoke-CMWmiMethod   In this blog post I will show one example how to use Invoke-CMWmiMethod cmdlet. In this example Im [...]

By | 2016-05-24T15:23:08+00:00 May 24th, 2016|Configuration Manager (SCCM)|0 Comments

Creating ConfigMgr Servicing Plans with PowerShell

Last week we got a new set of cmdlets for Configuration Manager and now we have the ability to create Servicing Plans with PowerShell. I put together end-to-end example and with this script you can: Create a folder called Software Updates (cant move Device Collections into a folder because Move-CMObject is broken in latest release) Create 5 Device Collections Create Software Updates Deployment Package Download the necessary upgrade package Distribute the package to a Distribution Point Create 5 different Servicing Plans   ############ WINDOWS 10 SERVICING ###############################     Get-CMWindowsServicingPlan     New-CMWindowsServicingPlan #These cmdlets require Configuration Manager 1511 or newer. $DeploymentPackageName [...]

By | 2016-05-23T16:18:15+00:00 May 23rd, 2016|Configuration Manager (SCCM)|0 Comments

ConfigMgr 1604 new cmdlets

Microsoft released a new set of command-lets for Configuration Manager and all these new cmdlets are also included in the ConfigMgr 1605 TP release. Here are all the new cmdlets: cmdlet Category Notes Get-CMWindowsServicingPlan Software Updates Windows 10 Servicing New-CMWindowsServicingPlan Software Updates Windows 10 Servicing Add-CMServiceConnectionPoint Infrastructure Set-CMServiceConnectionPoint Infrastructure Remove-CMServiceConnectionPoint Infrastructure Get-CMServiceConnectionPoint Infrastructure Remove-CMCertificateRegistrationPoint Infrastructure Set-CMCertificateRegistrationPoint Infrastructure Add-CMCertificateRegistrationPoint Infrastructure Get-CMCertificateRegistrationPoint Infrastructure Invoke-CMDeviceAction Resource Management Get-CMDeviceActionState Resource Management Add-CMIntuneSubscription MDM / Hybrid Set-CMIntuneSubscription MDM / Hybrid Get-CMIntuneSubscription MDM / Hybrid Remove-CMIntuneSubscription MDM / Hybrid Add-CMMdmEnrollmentManager MDM / Hybrid Remove-CMMdmEnrollmentManager MDM / Hybrid Get-CMMdmEnrollmentManager MDM / Hybrid New-CMApnsCertificateRequest MDM / Hybrid New-CMDepTokenRequest [...]

Roll Out New Configuration Manager Distribution Point with PowerShell

Here is a quick example how to install new Configuration Manager Distribution Point with PowerShell. As you see we have many options to expand this script. We can install Windows Server features, reboot it remotely, install additional software etc. It all depends how you wanna install and configure it. #Import the Module Import-Module $env:SMS_ADMIN_UI_PATH.Replace("\bin\i386","\bin\configurationmanager.psd1") $SiteCode = Get-PSDrive -PSProvider CMSITE #Change the connection context Set-Location "$($SiteCode.Name):\" #New DP Information $DistributionPoint = 'DP01.4demo4.com' $SiteCode = 'PS1' # Test the connection to server     Test-Connection         -ComputerName $DistributionPoint # OPTIONAL - Install Windows Server Roles and Features     Install-WindowsFeature         -Name Web-ISAPI-Ext,Web-Windows-Auth,Web-Metabase,Web-WMI,RDC         [...]

Windows Server 2016 Technical Preview 2 ADFS New PowerShell cmdlets

Quick comparison shows that we have 37 new PowerShell cmdlets :) cmdlet name Add-AdfsLocalClaimsProviderTrust                                                                           Add-AdfsScopeDescription                                                                                   Add-AdfsTrustedFederationPartner                                                                           Disable-AdfsCertificateAuthority                                                                           Disable-AdfsLocalClaimsProviderTrust                                                                       Enable-AdfsLocalClaimsProviderTrust                                                                        Get-AdfsAccessControlPolicy                                                                                Get-AdfsApplicationPermission                                                                              Get-AdfsAzureMfaConfigured                                                                                 Get-AdfsCertificateAuthority                                                                               Get-AdfsLocalClaimsProviderTrust                                                                           Get-AdfsRelyingPartyWebTheme                                                                               Get-AdfsScopeDescription                                                                                   Get-AdfsTrustedFederationPartner                                                                           Grant-AdfsApplicationPermission                                                                            Invoke-AdfsFarmBehaviorLevelRaise                                                                          New-AdfsAccessControlPolicy                                                                                New-AdfsAzureMfaTenantCertificate                                                                          New-AdfsLdapAttributeToClaimMapping                                                                        New-AdfsLdapServerConnection                                                                               Remove-AdfsAccessControlPolicy                                                                             Remove-AdfsLocalClaimsProviderTrust                                                                        Remove-AdfsRelyingPartyWebTheme                                                                            Remove-AdfsScopeDescription                                                                                Remove-AdfsTrustedFederationPartner                                                                        Restore-AdfsFarmBehaviorLevel                                                                              Revoke-AdfsApplicationPermission                                                                           Set-AdfsAccessControlPolicy                                                                                Set-AdfsApplicationPermission                                                                              Set-AdfsAzureMfaTenant                                                                                     Set-AdfsCertificateAuthority                                                                               Set-AdfsLocalClaimsProviderTrust                                                                           Set-AdfsRelyingPartyWebTheme                                                                               Set-AdfsScopeDescription                                                                                   Set-AdfsTrustedFederationPartner                                                                           Test-AdfsFarmBehaviorLevelRaise                                                                            Test-AdfsFarmBehaviorLevelRestore   Best

By | 2017-08-22T10:22:02+00:00 May 13th, 2015|Powershell, Windows Server|0 Comments

Windows Server 2016 Technical Preview 2 ADFS idpinitiatedsignon error

I just installed and configured a new ADFS server. After the configuration I wanted to test out ADFS login using this address - https://sts.corp.viamonstra.com/adfs/ls/idpinitiatedsignon but it failed with this error: The resources you are trying to access is not available. Event log showed this error message Quick configuration check with Get-ADFSProperties cmdlet and I discovered that by default it is not enabled.     Use the Set-AdfsProperties -EnableIdPInitiatedSignonPage $True command to enable the login.   Best

By | 2017-08-22T10:19:17+00:00 May 13th, 2015|Windows Server|2 Comments

Beyond unsupported – How to add PowerShell ISE to ConfigMgr Admin Console

As you already know, then currently we can only start PowerShell Console through Configuration Manager Admin Console but most likely  you may want to start PowerShell ISE through Admin Console :) Step-by-step guide First, this is not supported so don’t blame me if something is not working. Please also remember that there is no SAVE button in Admin Console Builder Tool! Close ConfigMgr Admin Console Start AdminUI.ConsoleBuilder.exe – You can find this tool under the Admin Console installation folder   Select File –> Open –> ConnectedConsole Select View->Application Menu Items Select Connect via Windows PowerShell and right-click select Clone Now [...]

Working with Queries in ConfigMgr with PowerShell

I accidentally blew up my dev lab and now I need to build a new one but luckily we have PowerShell :). In this picture we have 8 Queries and I would like to create Device Collections based on these Queries. These Queries are built with Servicing Extension.   Here are some of the commands that we can use in Configuration Manager 2012 R2 CU4. These commands allows us easily export/import Queries from one system to another and much more. [crayon-59c51e67acfc9287647667/] Little bit later we have nice Device Collections in System folder   Using the PowerShell GridView output we can [...]

New ConfigMgr PowerShell cmdlets in CU4

Microsoft just released a new CU for Configuration Manager and with latest CU we got 35 PowerShell cmdlets. Now we have 597 PowerShell cmdlets. Here are the new ones: Add-CMDeploymentTypeDependency Add-CMDeploymentTypeSupersedence ConvertFrom-CMApplication ConvertFrom-CMConfigurationItem ConvertTo-CMApplication ConvertTo-CMConfigurationItem Get-CMCertificate Get-CMClientOperation Get-CMDeploymentTypeDependency Get-CMDeploymentTypeDependencyGroup Get-CMDeploymentTypeSupersedence Get-CMMigrationSource Get-CMObjectSecurityScope Get-CMQuery Get-CMSiteRole Invoke-CMGroupDiscovery Invoke-CMQuery Invoke-CMSystemDiscovery Invoke-CMUserDiscovery New-CMADGroupDiscoveryScope New-CMDeploymentTypeDependencyGroup New-CMEmbeddedObjectInstance New-CMEmbeddedProperty New-CMEmbeddedPropertyList New-CMQuery Remove-CMCollection Remove-CMDeploymentTypeDependency Remove-CMDeploymentTypeDependencyGroup Remove-CMDeploymentTypeSupersedence Remove-CMQuery Set-CMDeploymentTypeDependency Set-CMDeploymentTypeDependencyGroup Set-CMDeploymentTypeSupersedence Set-CMQuery Sync-CMMigrationSource   Happy Scripting! :)

Create ConfigMgr Collections and Admin Console Folders with PowerShell

Starting from ConfigMgr 2012 R2 we can use New-Item PowerShell cmdlet to create ConfigMgr Admin Console folders. Here is one simple and quick PowerShell script that allows you to create folders and Collections and finally it moves the Collection to correct folder. [crayon-59c51e67ae5c8121508982/]   After the script execution you have 6 folders and in each folder Test x Collection – as you see it is really easy to create Collections and Folders with PowerShell.   Best, Kaido

Change device ownership in Configuration Manager with PowerShell

All newly enrolled devices are enrolled as Personal Devices by default in Configuration Manager and we cant change the default behavior. If the Device Ownership is Company, then we can inventory all the installed applications and we can also do mandatory installations. If the Device Ownership is Personal, then we can inventory only applications that are installed through Company Portal. If your company policy is that all the devices must be company-owned, then you can use this script to query a specific collection devices and it will set the Device Ownership to Company. [crayon-59c51e67af650588099114/]

Configuration Manager 2012 SP1 and R2 PowerShell Provider

Updated 23.03.2015! As you might have already noticed that Configuration Manager PowerShell Provider is lot like Active Directory, Registry etc. provider. To run a cmdlet you need to be inside CMSITE. If you are still using SP1+, then: 1. you can´t use New-Item cmdlet to create folders 2. you can´t set the location to sub folders 3. Get-ChildItem does not work at all If you are using R2+, then 1. You can use New-Item to create folders 2. You can change the location i.e. sub folders etc. 3. Get-ChildItem only prints out folder objects but not collections, applications etc. inside [...]

Scripts and links from my sessions @IT/Dev connections

A big thanks to all who attended at our sessions. Below are the links to the scripts and blog post we referenced during the session. Hope to see you all again next year! Managing Configuration Manager with PowerShell  Building Custom Tools Using PowerShell  Truly Better Together: Configuration Manager 2012 R2 and PowerShell  Quick and Dirty – Build Configuration Manager 2012 Admin Console Extensions automatically - http://cm12sdk.net/?p=2299 Configuration Manager 2012 R2 Developer Excel Sheet - http://cm12sdk.net/?p=2326 Does Your Hard Work Advance the Ecosystem? - http://blogs.msdn.com/b/powershell/archive/2011/02/07/does-your-hard-work-advance-the-ecosystem.aspx Coretech Collections Tool - http://blog.ctglobalservices.com/kaj/coretech-configuration-manager-2012-r2-powershell-automation-module-0-1/ Before you start using these script examples on your production environment, please make [...]

Coretech Configuration Manager 2012 R2 PowerShell automation module 0.1

During the TechEd Kent showed one of our solution that allows you to save all the Collections to an Excel file or to create Collections based on Excel template. We have received a lot of emails and twitter tweets that when we are going to publish it and good news is that we will publish it now :) . If you haven't seen the Kent TechEd video, then I recommend to watch it before you use this module. This is not the latest version and it is work in progress release. We will continue to improve this PowerShell module. Here [...]

Working with Security Scopes in Configuration Manager with PowerShell

Last year @MMS Kent showed our automated RBA solution and I just discovered that this does not work in ConfigMgr 2012 R2 CU1 environment. It seems like they have changed the process behind the UI and in ConfigMgr 2012 R2 CU1 environment they are using different IDs to identify the Object. Before they used FolderTypeID value but now they are using SecuredTypeID values. You will need these values, if you are working with SMS_SecuredCategoryMemberShip WMI class and AddMemberShips/RemoveMemberships mehtods FolderTypeID FolderTypeName SecuredTypeID 2 SMS_Package 2 7 SMS_Query 7 9 SMS_MeteredProductRule 9 11 SMS_ConfigurationItem 11 14 SMS_OperatingSystemInstallPackage 14 16 SMS_VhdPackage 16 [...]

How to change Configuration Manager Hardware Inventory Schedule Client Setting

Today I tried to modify Hardware Inventory Schedule client setting and it didn't work. First I thought that I did something wrong or the cmdlet is broken. Here is the cmdlet Verbose output Then I thought that, lets disable the HW client setting and then enable the HW client setting with correct schedule and Bingo it worked correctly. [crayon-59c51e67b1801492516168/] If you compare the verbose outputs, then you will see the difference - first time it didn’t query the SMS_SCI_ClientComp WMI instance but second time it did.   Now If I try to modify the schedule again I don’t need to [...]