It’s here, Android O aka Android Oreo

Google just announced the release of Android 8.0 aka Android Oreo - https://www.android.com/versions/oreo-8-0/ and https://youtu.be/twZggnNbFqo lot’s of new cool features to look forward to, and also important architecture changes. My believe is that especially the architecture change, will have an impact on those administrators managing Android devices as future OS upgrades can come faster. The vendor specific implementation will now be separated from the OS framework as illustrated below. This change, and many of other security features will all be supported from Microsoft Intune and Microsoft System Center Configuration Manager with Zero day support. Before moving into testing, a couple [...]

System Center Configuration Manager Toolkit Package Download Very Slow

Recently I built a new ConfigMgr/SCCM environment for a customer. I installed the Microsoft Deployment Toolkit and created an MDT integrated task sequence in SCCM. The deployment task sequence that I created was very slow, it took at least a couple of hours to load. I noticed that the toolkit package was taking approximately 30 minutes to download. The site server was running Symantec antivirus and I had not yet configured any antivirus exclusions. This was a simple sign server environment therefore I add the exclusions listed in this article on the site server. In a more complex environment the [...]

Create and run scripts with the new feature “Run Powershell scripts from the ConfigMgr console” on current branch 1706

In my last post I talked about how we could activate the new feature "Run Powershell script from the ConfigMgr" on current branch 1706 and in this post I would like to talk about on how to get started using this wonderful feature once you have activated it. This feature really shows that the ConfigMgr product team over at Microsoft really listens to its community and that they do everything they can to improve the product. Tho this feature is a bit rough around the edges it shows great potential and i can't wait to see how it will evolve over time [...]

Configuration Manager Current Branch upgrade stuck in downloading

Managing Configuration Manager is like operating a high-speed train with new monthly updates to the Technical Preview build and 3 yearly updates to the production build. No matter how smooth and easy the upgrade process has become, an upgrade is still an upgrade and things can go wrong (read: backup/snapshot first). With the release of Technical Preview 1705 (and now also found in production build 1706), the Configuration Manager Update Reset Tool - CMUpdateReset.exe were released. The tool will assist if you experience issues with new upgrades/hotfixes stuck in download. You’ll find the tool in .\microsoft configuration manager\cd.latest\smssetup\tools. I recently [...]

How to activate the new feature “Run Powershell scripts from the ConfigMgr console” on current branch 1706

Yesterday the ConfigMgr product team over at Microsoft released the latest current branch version 1706 (and the techincal preview 1707 within a 24 hour period, Awesome work!) and with that came another great pre-release feature that we previously only had access to in the Technical Preview (TP 1706) and that's the ability to run powershell scripts directly from the ConfigMgr console. This is one great feature that really excites me :D   If you want to learn more about this feature you can read the MS docs here: https://docs.microsoft.com/en-us/sccm/apps/deploy-use/create-deploy-scripts   Lets get started. First make sure that we are running [...]

Remove non authorized members of the local administrator group with ConfigMgr

    MVP Jörgen Nilsson did a great post the other day over at https://4sysops.com/archives/monitoring-laps-with-configuration-manager/ where he showcased how one could monitor LAPS with the help of CI's in ConfigMgr to make sure it's installed and running properly. Continuing on the LAPS theme and ways ConfigMgr can help us improve security and maintain control I would like to talk a little about how we can remove non authorized members of the local administrator group with the help of Configuration Items/Baselines in ConfigMgr.   For those who are unfamiliar with LAPS (Local administrator password solution) you can learn more here: https://technet.microsoft.com/en-us/mt227395.aspx     [...]

Petya Ransomware – The Attack method and Preventing it

Todays News is all about Petya - but the way it gets onto PCs and spreads across the network is actually old news. In short, Petya does 3 things: Encrypt your files, Steal credentials, spread to other machines. It takes advantage of the "Shadow Broker Vulnerability" MS17-010. If you have patched your machine, you will not be hit with the SMB exploit. How ever it also use Mimikatz like capabilities to steal credentials from the local machine and copy it self to other machines $Admin share. A kill-switch has been described as simple as creating a file called C:\Windows\perfc (without [...]

Primary Site Fault Tolerance makes it in TP1706

Not sure if the ConfigMgr team ever sleeps, month after month new features are released in ConfigMgr Technical Preview. June is no exception, and I must confess this is truly the month I have been waiting for. Among many of the new features we now have support for active/passive site servers. A passive primary site server adds fault tolerance to your site by creating a copy of your primary site server and keeping it in sync. If a disaster occurs, you can manually make the passive site server active. There are a couple of things you need to consider before [...]

By |2017-08-22T09:33:56+01:00juni 25th, 2017|Configuration Manager (SCCM)|2 Comments

ConfigMgr and Flexera Software CSI (3. Party Patch Management): Install the CSI Plugin

This is a quick and dirty how-to guide as I have a couple of customer who have asked for the same – how to Install the CSI Plugin in order to Connect the Flexera CSI to your ConfigMgr/WSUS/SUP infrastructure where you get the ability to monitor 3rd party vulnerabilities and remediate any threats by patching or removing software. This is a great management tool addon to your WSUS/ConfigMgr infrastructure and is a must for a complete patch management solution. If you are new to Flexera Software CSI I suggest you go to the following links where you can read up [...]

By |2017-05-14T18:56:16+01:00maj 14th, 2017|Configuration Manager (SCCM)|Kommentarer lukket til ConfigMgr and Flexera Software CSI (3. Party Patch Management): Install the CSI Plugin

Set Desktop and Lock Screen wallpaper with Intune in Windows 10

This is a quick blog post to show you can set this fairly easily using Intune. Intune requires you to point to a URL for the wallpaper which at first seems a bit odd, but it actually makes a lot of sense when you have solutions like OneDrive. What am I talking about? Well, find a suitable wallpaper and place it on your Sharepoint OneDrive or Personal OneDrive. Then share the wallpaper and create a public viewing link like so   Next, test the link by pasting the URL into your browser and take a look at the result. It [...]

How to manage Bitlocker on a Azure AD Joined Windows 10 Device managed by Intune.

When joining a computer to AAD either manually or by using a provisioning package, Bitlocker will be enabled automatically if your device has the necessary prerequisites. However in the case that Bitlocker is disabled this is how you enable Bitlocker, save the Bitlocker Key Protector to ADD (also known as the recovery key) and recover the key in the case you need it. So this blog post is both for the end-user and IT-pro I guess. In this scenario we have configured a Device Compliance Policy in Intune where we require Encryption of data storage on devices and sent the [...]

Disable Onedrive Updates from a Task Sequence

In order to fully control OneDrive updates I was tasked to find a method to disable OneDrive from doing updates on its own. Given that there is no registry setting or GPO that allow you to disable automatic updates from happening I was forced to look for other methods. The update check is performed by a Scheduled Task that runs once every day If you look in the Scheduled Task manager you will find one or two tasks related to OneDrive. So in order to prevent OneDrive from doing any updates I first tried to delete any tasks related to [...]

By |2017-08-22T10:30:37+01:00april 18th, 2017|Configuration Manager (SCCM)|Kommentarer lukket til Disable Onedrive Updates from a Task Sequence

Getting WSUS sync errors in ConfigMgr 1702

Got a lot of these today on my ConfigMgr 1702 site server. STATMSG: ID=6704 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER" SYS=CTSCCM01.CORETECH.INTRA SITE=CT1 PID=10584 TID=18504 GMTDATE=ti apr 11 20:00:03.729 2017 ISTR0="" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0    SMS_WSUS_SYNC_MANAGER    11-04-2017 22:00:03    18504 (0x4848) Synchronizing WSUS server ctsccm01.coretech.intra ...    SMS_WSUS_SYNC_MANAGER    11-04-2017 22:00:04    29196 (0x720C) sync: Starting WSUS synchronization    SMS_WSUS_SYNC_MANAGER    11-04-2017 22:00:04    29196 (0x720C) sync: WSUS synchronizing categories    SMS_WSUS_SYNC_MANAGER    11-04-2017 22:00:12    29196 (0x720C) sync: WSUS synchronizing categories, processed 2 out of 2 items (100%)    SMS_WSUS_SYNC_MANAGER    11-04-2017 22:00:13    29196 (0x720C) Sync failed: UssInternalError: SoapException: Fault occurred~~at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, [...]

By |2017-04-11T22:23:14+01:00april 11th, 2017|Configuration Manager (SCCM)|4 Comments

Windows 10: Upgrade the edition with Intune in the new Azure Portal

Most professional PC’s delivered today is delivered with Windows 10 Pro (out of the box) which is a really good Operating System, covering most use-cases. However in the world of BYOD and CYOD (Bring your Own / Choose your Own Device) companies, enterprises, goverments, schools etc. often want to upgrade to either Enterprise or Education since these editions of Windows 10 are more feature rich and has a couple of enhancements compared to Pro. Luckly, changeing the SKU does not involve a reinstallation or an major upgrade of the OS. And from Windows 10 1607 (Anniversary Update) you could go [...]

Windows 10 1703 Creators Update: First impressions

Windows 10 creators update is out and I wanted to create a quick blog of the initial experience installing and enrolling it into one of my Azure Active Directory (AAD) test tenants. The initial installation is more or less the same as before, but we know for a while that Microsoft will improve the OoBE (Out of Box Experience) where it now has a new nicer flow and UI. It’s very interesting to see how Microsoft is investing in these types of features and it tells us (in my opinion) how Microsoft looks at the future of Device/Windows deployment and [...]

By |2017-04-06T11:47:03+01:00april 6th, 2017|Configuration Manager (SCCM), Enterprise Mobility Suite (EMS), Windows Client|Kommentarer lukket til Windows 10 1703 Creators Update: First impressions

A couple of nice little OSD tweaks in ConfigMgr 1702

ConfigMgr 1702 have a wealth of new features and client management improvements. This one might not be the reason you upgrade, but it’s still nice and worth a blog post. With 1702 you can customize your task sequence information and control what’s being displayed to the end-user. in this example you should notice a few changed in software center. Looking at my Upgrade task sequence, I now have information about download time/size and restart. when I start the task sequence, I have interesting information from my IT department telling me why the company is upgrading to Windows 10 All of [...]

By |2017-03-28T15:39:25+01:00marts 28th, 2017|Configuration Manager (SCCM), General info, OS Deployment|Kommentarer lukket til A couple of nice little OSD tweaks in ConfigMgr 1702

Send Email for SCSM 2016 – Service Request

System Center Service Manager 2016 have been released for quite a while now and more and more are starting the upgrade process. As you probably know, the .NET framework has also been bumped to 4.5.1, which effectively means that all solutions made in the old .NET 3.5 Framework also needs to be upgraded. Microsoft have done their part, but all custom solutions needs to be upgraded as well as community solutions. One of those solutions is the popular Send Email  made my Travis Wright for Incident (codeplex project uploaded by Christian Booth)and later adopted to Service Requests by Patrick Sundqvist. [...]

By |2017-03-27T23:08:18+01:00marts 27th, 2017|Service Manager (SCSM)|10 Comments

Android for Work in Configuration Manager 1702

Android for Work support was introduced in Intune standalone in late 2016. With the latest release of Configuration Manager current branch we also have AFW support in hybrid environments. In order to configure AFW a few things to you need to ensure first: Have a couple of Android devices with Android 5.0 or higher Create a Google account to be used as the Android for work admin account Configure Android for Work In the ConfigMgr console navigate to Administration workspace / Overview / Cloud Services / Microsoft Intune Subscriptions and click Configure Platforms / Android For Work. Notice the dialog [...]

By |2017-03-27T08:38:21+01:00marts 27th, 2017|Configuration Manager (SCCM)|2 Comments

Cloud Management Gateway with Sub CA

The new Cloud Management Gateway is going to make a big difference in the way we manage endpoints away from home in the future. The feature is a System Center Configuration Manager 1610 pre-release feature. Being a pre-release typically means = a little troubleshooting is required to get the feature working in different environments. In my previous blog post I described an issue with software update scan failing. The troubleshooting steps used in this blog post, are similar what I have described there. In this environment we have a PKI with a Sub CA, and as part of the certificate [...]

By |2017-03-15T10:54:35+01:00marts 15th, 2017|Configuration Manager (SCCM), General info|10 Comments

Software Update scan error using Cloud Management Gateway

First, I need to say….the new Cloud Management Gateway feature in Configuration Manager 1610 is awesome. There are a couple of gotchas you need to know about, when creating the service, but once you have overcome those hurdles - you will look like a hero at work, and be known as the person who finally enabled client management on internet based endpoints like road-warriors and colleagues working from home. In the wuahandler.log on the client you might run into Scan failed with error = 0x80240439. If that happens, first step in your troubleshooting should be checking he configuration manager agent [...]

By |2017-03-14T08:13:09+01:00marts 14th, 2017|Configuration Manager (SCCM), General info|6 Comments

Watch out when using $PSModuleAutoLoadingPreference = “none” in a PS Remote Session in Windows Server 2016

Recently I discovered a change in the default behavior of PSRemoting Sessions in Windows Server 2012 R2 vs. Server 2016. I was migrating a script from 2012R2 to 2016 and surprisingly, I got this error:   The term 'Get-Date' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included , verify that the path is correct and try again. + CategoryInfo : ObjectNotFound: (Get-Date:String) [], CommandNotFoundException + FullyQualifiedErrorId : CommandNotFoundException + PSComputerName : ctaa01   When I vestigated the issue I found that [...]

Q&A from the Flexera & Coretech webinar

Could you please tell me how many days can I use the trial version of Dashboard? Looks very useful for my SCCM infra. Also please let me know how to opt for dashboard after the trial period.First a huge thanks for all attending the webinar, as promised he are a list of the questions that we didn’t have time to answer during the webinar. Q: We already use Flexera for compliance. Is "Patching" included in it OR is it a separate module? A: Patching is integrated in the standard CSI solution. You can either patch using WSUS or integrate with [...]

By |2017-01-26T12:17:24+01:00januar 26th, 2017|Configuration Manager (SCCM), General info|Kommentarer lukket til Q&A from the Flexera & Coretech webinar

Default Site-Boundary-Group and boundaries

The purpose of the Default Site-Boundary-Group is to service clients that are not served by any other boundary group (that being local boundary group or neighbor boundary group). However in ConfigMgr 1610 there has been some confusement around the fact that you can add boundaries to the Default Site-Boundary-Group . I’ve been asked a couple of times if we should add all boundaries to the Default Site-Boundary-Group since the group is automatically configured for Site assignment. My take on that is NO, don’t use the Default Site-Boundary-Group as you don’t really control it. You will also notice that you can’t [...]

By |2017-01-23T13:34:33+01:00januar 23rd, 2017|Configuration Manager (SCCM), General info|3 Comments