Automating SSRS favorites with REST API

This information applies to SQL Server Reporting Services 2017 and later. As more and more organizations rely on visualization and reporting to get the information they need, more and more reports come into play. With Configuration Manager 1710 you get almost 500 reports where only a subset are relevant to you and your team. This blog post will show you how you can automate the use of favorites in SQL Reporting Services 2017. Prior to SSRS 2017 you had to find the report and mark it as a favorite. Beginning from SSRS 2017 we can now use a combination of [...]

Q&A from the We Speak Geek webinar

First a huge thanks to the many that tuned in to our 3 webinars on ConfigMgr Challenges in 2017. As promised here are answers to the many questions we had. For more questions, please reach out to Jason Sandys @JasonSandys or Kent Agerlund @Agerlund. For those who didn’t have a chance to attend, recordings are available here: https://info.flexerasoftware.com/SVM-WBNR-We-Speak-Geek-SCCM-Admin-PrioritiesQ &A From the North America webinarWith Windows 10 Servicing - how have you found keeping these up to date? I have 10k workstations, and with resources i can't keep up with 6 monthly releases. With the products i have to get updated/tested/confirmed [...]

By | 2017-12-21T18:57:27+00:00 December 21st, 2017|Configuration Manager (SCCM)|0 Comments

Create ConfigurationItems and Baselines without killing your mouse

This information applies to ConfigMgr version 1710 and later. One of the things I really love about working in IT is that you can learn new stuff all the time, and when new stuff turns into boring repetitive stuff you can apply automation and add yet another new piece of learning to your skillset. Over the last few releases of Configuration Manager, the product team has added some new cmdlets for managing Configuration Items and Baselines, and I started to look into these when I was given the task to create a lot of very similar CIs and Baselines for [...]

Create User collections based on AD department attribute with Powershell

If you are an organization who uses the Department attribute in Active directory and want to target users withing those departments for different deployments but you have a lot of departments and you don't know where to start, well then this post might be useful for you.   The script in this post retrieves all the departments that gets collected by the Users AD attribute by ConfigMgr (Not turned on by default needs to get added. See guide below) and from those departments it creates a user collection with a query that populates the collection with all users who are [...]

By | 2017-12-14T19:41:24+00:00 December 14th, 2017|Configuration Manager (SCCM), Powershell, Scripting|8 Comments

ConfigMgr PowerShell and WMI Excel spreadsheet

I just posted on Github updated version of Excel spreadsheet where you can find all the ConfigMgr PowerShell cmdlets, Primary Site WMI namespace methods, ConfigMgr Client WMI methods and COM object methods as well. You can download the Excel spreadsheet from here - https://github.com/Kaidja/ConfigMgrSDK/blob/master/ConfigMgr_cmdlets.xlsx

By | 2017-12-08T09:48:01+00:00 December 7th, 2017|Configuration Manager (SCCM), Powershell, Scripting|0 Comments

PowerShell Script for updating Runbook Steps in a Task Sequence!

The MDT Toolkit is great! One very useful feature is the “Execute Runbook” Step, which can execute a runbook in Orchestrator. Unfortunately Orchestrator has a little quirk, when moving to new environment, such as moving from Test to Prod. All runbooks get a new GUID, and runbook parameters might get a new GUID.  Besides this, the Server names usually needs to be changed too! This can be a trivial task, which an automation guy like me hate to do! Everytime Server name is updated, all parameters has to be setup again. This also makes the task prone to errors! So [...]

How to use SCCM SDK in C# with a WQL Query that contains joins

Sometimes you just stop and wonder: how DO you make a WQL query with joins and use it with the SCCM SDK in C#? It's that gnawing thought we all have right? So after spending an hour reading through people saying: "It's NOT supported!" and some people who said it was (without any examples whatsoever), I managed to get a small sample working. So if any of you should come across this challenge (which is of course the most of the world), then here is a code-example on how to do it: It's a small console application that output all [...]

The Big Bang and how it changed my life as an IT Pro

Maybe a misleading headline for my blog post, as it’s really the opposite message I’m trying to deliver. The Big Bang I’m referring to in the title is the change to a Cloud world from our “good old” on-premises infrastructure. For many organizations the Big Bang still hasn’t happened, not that organizations are not embracing new Cloud opportunities, most just can’t change everything overnight. Starting 5-6 years ago, I heard and read many stories that the “Cloud era” would be the end of life as we know it for IT Pros. Personally, I claim this statement to be false.For this [...]

By | 2017-11-14T16:10:52+00:00 November 14th, 2017|Configuration Manager (SCCM), Security, Windows Client|0 Comments

ConfigMgr: Issues setting up new MP’s? Check your SPN’s!

An old topic, revisited; This is just a quick blog post to inform any in the same situation as myself where a customer had some issues setting up 5 MP's at a customer. Now we all know that when setting up an new MP, or over time we may get some errors returned to us in one of the many log files monitoring the Management Point service in ConfigMgr. This is because MPs has quite a few prerequisites that either needs to be in place before it functions properly or needs TLC over time. The other day I was at [...]

By | 2017-11-13T00:22:16+00:00 October 30th, 2017|Configuration Manager (SCCM)|1 Comment

It’s here, Android O aka Android Oreo

Google just announced the release of Android 8.0 aka Android Oreo - https://www.android.com/versions/oreo-8-0/ and https://youtu.be/twZggnNbFqo lot’s of new cool features to look forward to, and also important architecture changes. My believe is that especially the architecture change, will have an impact on those administrators managing Android devices as future OS upgrades can come faster. The vendor specific implementation will now be separated from the OS framework as illustrated below. This change, and many of other security features will all be supported from Microsoft Intune and Microsoft System Center Configuration Manager with Zero day support. Before moving into testing, a couple [...]

System Center Configuration Manager Toolkit Package Download Very Slow

Recently I built a new ConfigMgr/SCCM environment for a customer. I installed the Microsoft Deployment Toolkit and created an MDT integrated task sequence in SCCM. The deployment task sequence that I created was very slow, it took at least a couple of hours to load. I noticed that the toolkit package was taking approximately 30 minutes to download. The site server was running Symantec antivirus and I had not yet configured any antivirus exclusions. This was a simple sign server environment therefore I add the exclusions listed in this article on the site server. In a more complex environment the [...]

Create and run scripts with the new feature “Run Powershell scripts from the ConfigMgr console” on current branch 1706

In my last post I talked about how we could activate the new feature "Run Powershell script from the ConfigMgr" on current branch 1706 and in this post I would like to talk about on how to get started using this wonderful feature once you have activated it. This feature really shows that the ConfigMgr product team over at Microsoft really listens to its community and that they do everything they can to improve the product. Tho this feature is a bit rough around the edges it shows great potential and i can't wait to see how it will evolve over time [...]

Configuration Manager Current Branch upgrade stuck in downloading

Managing Configuration Manager is like operating a high-speed train with new monthly updates to the Technical Preview build and 3 yearly updates to the production build. No matter how smooth and easy the upgrade process has become, an upgrade is still an upgrade and things can go wrong (read: backup/snapshot first). With the release of Technical Preview 1705 (and now also found in production build 1706), the Configuration Manager Update Reset Tool - CMUpdateReset.exe were released. The tool will assist if you experience issues with new upgrades/hotfixes stuck in download. You’ll find the tool in .\microsoft configuration manager\cd.latest\smssetup\tools. I recently [...]

By | 2017-07-30T15:18:06+00:00 July 30th, 2017|Configuration Manager (SCCM), General info|8 Comments

How to activate the new feature “Run Powershell scripts from the ConfigMgr console” on current branch 1706

Yesterday the ConfigMgr product team over at Microsoft released the latest current branch version 1706 (and the techincal preview 1707 within a 24 hour period, Awesome work!) and with that came another great pre-release feature that we previously only had access to in the Technical Preview (TP 1706) and that's the ability to run powershell scripts directly from the ConfigMgr console. This is one great feature that really excites me :D   If you want to learn more about this feature you can read the MS docs here: https://docs.microsoft.com/en-us/sccm/apps/deploy-use/create-deploy-scripts   Lets get started. First make sure that we are running [...]

By | 2017-07-29T11:17:31+00:00 July 29th, 2017|Configuration Manager (SCCM), Powershell|4 Comments

Remove non authorized members of the local administrator group with ConfigMgr

    MVP Jörgen Nilsson did a great post the other day over at https://4sysops.com/archives/monitoring-laps-with-configuration-manager/ where he showcased how one could monitor LAPS with the help of CI's in ConfigMgr to make sure it's installed and running properly. Continuing on the LAPS theme and ways ConfigMgr can help us improve security and maintain control I would like to talk a little about how we can remove non authorized members of the local administrator group with the help of Configuration Items/Baselines in ConfigMgr.   For those who are unfamiliar with LAPS (Local administrator password solution) you can learn more here: https://technet.microsoft.com/en-us/mt227395.aspx     [...]

Petya Ransomware – The Attack method and Preventing it

Todays News is all about Petya - but the way it gets onto PCs and spreads across the network is actually old news. In short, Petya does 3 things: Encrypt your files, Steal credentials, spread to other machines. It takes advantage of the "Shadow Broker Vulnerability" MS17-010. If you have patched your machine, you will not be hit with the SMB exploit. How ever it also use Mimikatz like capabilities to steal credentials from the local machine and copy it self to other machines $Admin share. A kill-switch has been described as simple as creating a file called C:\Windows\perfc (without [...]

Primary Site Fault Tolerance makes it in TP1706

Not sure if the ConfigMgr team ever sleeps, month after month new features are released in ConfigMgr Technical Preview. June is no exception, and I must confess this is truly the month I have been waiting for. Among many of the new features we now have support for active/passive site servers. A passive primary site server adds fault tolerance to your site by creating a copy of your primary site server and keeping it in sync. If a disaster occurs, you can manually make the passive site server active. There are a couple of things you need to consider before [...]

By | 2017-08-22T09:33:56+00:00 June 25th, 2017|Configuration Manager (SCCM)|2 Comments

ConfigMgr and Flexera Software CSI (3. Party Patch Management): Install the CSI Plugin

This is a quick and dirty how-to guide as I have a couple of customer who have asked for the same – how to Install the CSI Plugin in order to Connect the Flexera CSI to your ConfigMgr/WSUS/SUP infrastructure where you get the ability to monitor 3rd party vulnerabilities and remediate any threats by patching or removing software. This is a great management tool addon to your WSUS/ConfigMgr infrastructure and is a must for a complete patch management solution. If you are new to Flexera Software CSI I suggest you go to the following links where you can read up [...]

By | 2017-05-14T18:56:16+00:00 May 14th, 2017|Configuration Manager (SCCM)|0 Comments

Set Desktop and Lock Screen wallpaper with Intune in Windows 10

This is a quick blog post to show you can set this fairly easily using Intune. Intune requires you to point to a URL for the wallpaper which at first seems a bit odd, but it actually makes a lot of sense when you have solutions like OneDrive. What am I talking about? Well, find a suitable wallpaper and place it on your Sharepoint OneDrive or Personal OneDrive. Then share the wallpaper and create a public viewing link like so   Next, test the link by pasting the URL into your browser and take a look at the result. It [...]

How to manage Bitlocker on a Azure AD Joined Windows 10 Device managed by Intune.

When joining a computer to AAD either manually or by using a provisioning package, Bitlocker will be enabled automatically if your device has the necessary prerequisites. However in the case that Bitlocker is disabled this is how you enable Bitlocker, save the Bitlocker Key Protector to ADD (also known as the recovery key) and recover the key in the case you need it. So this blog post is both for the end-user and IT-pro I guess. In this scenario we have configured a Device Compliance Policy in Intune where we require Encryption of data storage on devices and sent the [...]

Disable Onedrive Updates from a Task Sequence

In order to fully control OneDrive updates I was tasked to find a method to disable OneDrive from doing updates on its own. Given that there is no registry setting or GPO that allow you to disable automatic updates from happening I was forced to look for other methods. The update check is performed by a Scheduled Task that runs once every day If you look in the Scheduled Task manager you will find one or two tasks related to OneDrive. So in order to prevent OneDrive from doing any updates I first tried to delete any tasks related to [...]

By | 2017-08-22T10:30:37+00:00 April 18th, 2017|Configuration Manager (SCCM)|0 Comments

Getting WSUS sync errors in ConfigMgr 1702

Got a lot of these today on my ConfigMgr 1702 site server. STATMSG: ID=6704 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER" SYS=CTSCCM01.CORETECH.INTRA SITE=CT1 PID=10584 TID=18504 GMTDATE=ti apr 11 20:00:03.729 2017 ISTR0="" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0    SMS_WSUS_SYNC_MANAGER    11-04-2017 22:00:03    18504 (0x4848) Synchronizing WSUS server ctsccm01.coretech.intra ...    SMS_WSUS_SYNC_MANAGER    11-04-2017 22:00:04    29196 (0x720C) sync: Starting WSUS synchronization    SMS_WSUS_SYNC_MANAGER    11-04-2017 22:00:04    29196 (0x720C) sync: WSUS synchronizing categories    SMS_WSUS_SYNC_MANAGER    11-04-2017 22:00:12    29196 (0x720C) sync: WSUS synchronizing categories, processed 2 out of 2 items (100%)    SMS_WSUS_SYNC_MANAGER    11-04-2017 22:00:13    29196 (0x720C) Sync failed: UssInternalError: SoapException: Fault occurred~~at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, [...]

By | 2017-04-11T22:23:14+00:00 April 11th, 2017|Configuration Manager (SCCM)|3 Comments

Windows 10: Upgrade the edition with Intune in the new Azure Portal

Most professional PC’s delivered today is delivered with Windows 10 Pro (out of the box) which is a really good Operating System, covering most use-cases. However in the world of BYOD and CYOD (Bring your Own / Choose your Own Device) companies, enterprises, goverments, schools etc. often want to upgrade to either Enterprise or Education since these editions of Windows 10 are more feature rich and has a couple of enhancements compared to Pro. Luckly, changeing the SKU does not involve a reinstallation or an major upgrade of the OS. And from Windows 10 1607 (Anniversary Update) you could go [...]

Windows 10 1703 Creators Update: First impressions

Windows 10 creators update is out and I wanted to create a quick blog of the initial experience installing and enrolling it into one of my Azure Active Directory (AAD) test tenants. The initial installation is more or less the same as before, but we know for a while that Microsoft will improve the OoBE (Out of Box Experience) where it now has a new nicer flow and UI. It’s very interesting to see how Microsoft is investing in these types of features and it tells us (in my opinion) how Microsoft looks at the future of Device/Windows deployment and [...]