Remove non authorized members of the local administrator group with ConfigMgr

    MVP Jörgen Nilsson did a great post the other day over at where he showcased how one could monitor LAPS with the help of CI's in ConfigMgr to make sure it's installed and running properly. Continuing on the LAPS theme and ways ConfigMgr can help us improve security and maintain control I would like to talk a little about how we can remove non authorized members of the local administrator group with the help of Configuration Items/Baselines in ConfigMgr.   For those who are unfamiliar with LAPS (Local administrator password solution) you can learn more here:     [...]

Q&A from the Flexera & Coretech webinar

Could you please tell me how many days can I use the trial version of Dashboard? Looks very useful for my SCCM infra. Also please let me know how to opt for dashboard after the trial period.First a huge thanks for all attending the webinar, as promised he are a list of the questions that we didn’t have time to answer during the webinar. Q: We already use Flexera for compliance. Is "Patching" included in it OR is it a separate module? A: Patching is integrated in the standard CSI solution. You can either patch using WSUS or integrate with [...]

By | 2017-01-26T12:17:24+00:00 January 26th, 2017|Configuration Manager (SCCM), General info|0 Comments

Create ConfigMgr Servicing Plans with Excel and PowerShell

Last week I posted one example how to create ConfigMgr Servicing Plans with PowerShell. In this post I will show you how to create Servicin Plans using Excel. Step 1 is to create a table like this If you have that table with necessary information or if needed you can add more data, then simply save it as a CSV file and import the data to PowerShell.   Here is one quick and simple example how to create these Servicing Plans based on a CSV file and if needed create the Device Collections as well. This example also assumes that [...]

By | 2016-05-31T21:32:16+00:00 May 31st, 2016|Configuration Manager (SCCM)|0 Comments

ConfigMgr cmdlets and Lazy properties

If you have worked with Configuration Manager before, then most probably you know that some of the WMI classes contain lazy properties. Microsoft cmdlets for ConfigMgr queries by default these lazy properties, for example If you query the same Device Collection directly through WMI, then you don’t see RefreshSchedule property value. If you need to query lazy properties, then you can use the .GET() method or [WMI] accelerator. Starting from 1604 cmdlets we have a new parameter called -FAST. Parameter FAST allows us to skip Lazy properties and this should make the queries much faster and should also lower the [...]

By | 2016-05-26T17:43:26+00:00 May 26th, 2016|Configuration Manager (SCCM)|0 Comments

ConfigMgr Move-CMObject issue and one possible workaround

If you have been following me in twitter, then most likely you already know that the Move-CMObject cmdlet is broken in 1604 release. Here is one quick examples that shows the error message. Microsoft already knows this issue and hopefully they can fix it quickly but meanwhile we need to find a workaround or do something else: 1. Uninstall 1604 cmdlets and go back to older version 2. Replace Move-CMObject with your own custom function - 3. NEW! Use Invoke-CMWmiMethod   In this blog post I will show one example how to use Invoke-CMWmiMethod cmdlet. In this example Im [...]

By | 2016-05-24T15:23:08+00:00 May 24th, 2016|Configuration Manager (SCCM)|0 Comments

ConfigMgr 1604 new cmdlets

Microsoft released a new set of command-lets for Configuration Manager and all these new cmdlets are also included in the ConfigMgr 1605 TP release. Here are all the new cmdlets: cmdlet Category Notes Get-CMWindowsServicingPlan Software Updates Windows 10 Servicing New-CMWindowsServicingPlan Software Updates Windows 10 Servicing Add-CMServiceConnectionPoint Infrastructure Set-CMServiceConnectionPoint Infrastructure Remove-CMServiceConnectionPoint Infrastructure Get-CMServiceConnectionPoint Infrastructure Remove-CMCertificateRegistrationPoint Infrastructure Set-CMCertificateRegistrationPoint Infrastructure Add-CMCertificateRegistrationPoint Infrastructure Get-CMCertificateRegistrationPoint Infrastructure Invoke-CMDeviceAction Resource Management Get-CMDeviceActionState Resource Management Add-CMIntuneSubscription MDM / Hybrid Set-CMIntuneSubscription MDM / Hybrid Get-CMIntuneSubscription MDM / Hybrid Remove-CMIntuneSubscription MDM / Hybrid Add-CMMdmEnrollmentManager MDM / Hybrid Remove-CMMdmEnrollmentManager MDM / Hybrid Get-CMMdmEnrollmentManager MDM / Hybrid New-CMApnsCertificateRequest MDM / Hybrid New-CMDepTokenRequest [...]

Conditional access with ConfigMgr+Intune and On-Premises Exchange

Conditional Access in either a Cloud-only or Hybrid scenario is a great way to control data by saying we do not allow you to access Corporate Email without enrolling the device to a Corporate MDM solution where Data Protection Policies will be applied. This is in my opinion the best compromise where we let the user be productive where they get the ability to access corporate data on any device, anywhere, where we at the same time have control over the device, forcing security and compliance policies, encrypting data, deploy (LoB) apps and las but not least have the ability [...]

Community Web page to help corporate users enroll their devices!

Guidence on how you can enroll your device and gain access to your corporate data and applications: This web page is created by the community for the community to help corporate users to efficiently enroll their devices into an Microsoft Enterprise Mobility Solution. Businesses can use this webpage as an How-To for their users and link it to their existing documentation. The site covers: Microsoft Windows 10 Devices Apple iOS Devices Google Android Devices Visit the page by going clickin here: Also check out the Microsoft EMS Resources App and YouTube page for more information about Microsoft [...]

OMS/EMS Seminar March 2016: Enterprise Mobility Suite Session Notes and slides

Hi First and foremost, thanks to all attendees for a great day on Wednesday. Lots of great questions and discussions and to all of you who is wondering what happened to my girlfriend’s phone – well I had to un-enroll it the morning after!  For those of you who are waiting for the EMS-book that Kent is writing together with Peter Daalmans, it is not to long until it is published so stay tuned! I will update this blog post with link to the book when it is out.. Download the slide deck: EMS Microsoft EMS Resources app is free and [...]

December 11: Microsoft Enterprise Mobility Suite (EMS) Resources at your fingertips

I know it's a pompous title, but that still the idea behind what I want to show next. As an IT-Pro I am used to staying up to date on the latest technology that I am working with. And with On-premises solutions like traditional ConfigMgr implementations, staying up to date is not too hard with a little bit of effort since new features and updates are not added daily as opposed to what is going on in the Cloud. Now for some time now I have been working with Cloud services like Microsoft Intune and eventually EMS after the suite [...]

Roll Out New Configuration Manager Distribution Point with PowerShell

Here is a quick example how to install new Configuration Manager Distribution Point with PowerShell. As you see we have many options to expand this script. We can install Windows Server features, reboot it remotely, install additional software etc. It all depends how you wanna install and configure it. #Import the Module Import-Module $env:SMS_ADMIN_UI_PATH.Replace("\bin\i386","\bin\configurationmanager.psd1") $SiteCode = Get-PSDrive -PSProvider CMSITE #Change the connection context Set-Location "$($SiteCode.Name):\" #New DP Information $DistributionPoint = '' $SiteCode = 'PS1' # Test the connection to server     Test-Connection         -ComputerName $DistributionPoint # OPTIONAL - Install Windows Server Roles and Features     Install-WindowsFeature         -Name Web-ISAPI-Ext,Web-Windows-Auth,Web-Metabase,Web-WMI,RDC         [...]

Troubleshooting: An error occurred when creating the WSUS Signing Certificate (Secunia)

Lately I have been doing some Secunia integrations with System Center 2012 R2: Configuration Manager (SCCM/ConfigMgr 2012). When you are setting up the connector between Secunia CSI and WSUS one of the first things the wizard is asking you to do is to Configure a WSUS Self-Signed Certificate, the WSUS signing certificate is required to create and install local packages. Without it, only packages from Microsoft Update will be installed. How-ever this time I got this error when trying to 'Automatically create and install certificate'  during the Connector Wizard: An error occurred when creating the WSUS Signing Certificate Now this [...]

By | 2015-10-20T20:14:46+00:00 October 20th, 2015|Configuration Manager (SCCM), Security|1 Comment

How to: Create custom SQL- based Reports in System Center 2012 R2: Configuration Manager

A customer asked me  for a “how-to” on how to Create reports in SCCM 2012, so why not share with everyone. This post is not intended to show how to write or design queries, but show you have to create  a report based on a SQL query you might already have. Even-though we are skipping how to write SQL Queries for know, this post is still going to be a bit long. Time for that cup of coffee! First some requirements: You need to have an SQL Server instance for SCCM with SQL Reporting Services running You need to have [...]

Upgrade System Center Configuration Manager Console with PowerShell

Since Service Pack 1 was released to SCCM 2012 R2 I have been upgraded several environments. A couple of customers wanted me to create a PowerShell script to uninstall existing ConfigMgr Console and install the new updated version with the latest cumulative updates and hotfixes. If you create a package to distribute it with SCCM make sure you point the Data source to the location of the Client installations files, Script, KB3084586-msp and kb3074857-msp. Installation command for the program will then be: PowerShell.exe -file "script.ps1". Remember to set PowerShell execution policy to "Bypass" under Client Settings. This will not affect [...]

Working with managed applications within Configuration Manager 2012 R2 SP1

First, let’s define a managed application. In essence it’s a special policy that enable you to control settings in the application or browser like data encryption, can the user save the document as a new file etc. To successfully deploy a managed application you need to mix the application deployment with an application management policy. Configuration Manager will automatically discover if the application can be managed and will show an additional page in the wizard when you create the deployment. It’s worth noting that not all applications can be managed. They have to have the Intune App SDK built-in or [...]

Change device ownership in Configuration Manager with PowerShell

All newly enrolled devices are enrolled as Personal Devices by default in Configuration Manager and we cant change the default behavior. If the Device Ownership is Company, then we can inventory all the installed applications and we can also do mandatory installations. If the Device Ownership is Personal, then we can inventory only applications that are installed through Company Portal. If your company policy is that all the devices must be company-owned, then you can use this script to query a specific collection devices and it will set the Device Ownership to Company. [crayon-59c1e85dd06a9615357195/]

Scripts and links from my sessions @IT/Dev connections

A big thanks to all who attended at our sessions. Below are the links to the scripts and blog post we referenced during the session. Hope to see you all again next year! Managing Configuration Manager with PowerShell  Building Custom Tools Using PowerShell  Truly Better Together: Configuration Manager 2012 R2 and PowerShell  Quick and Dirty – Build Configuration Manager 2012 Admin Console Extensions automatically - Configuration Manager 2012 R2 Developer Excel Sheet - Does Your Hard Work Advance the Ecosystem? - Coretech Collections Tool - Before you start using these script examples on your production environment, please make [...]

House of Cards–The ConfigMgr Software Update Point and WSUS

A Card house; fun to build but not very solid and when one card falls the whole house often goes down with it. It’s a little like that with the WSUS server and Configuration Manager. Installing WSUS seems so easy but there are still some moving part, and if you get one of the wrong maybe the whole House of Cards falls. Recently I have seen that happen at several customers. This blog post is divided into 3 parts: 1. Introduction 2. Problem overview and symptoms 3. Solutions to fix issues and avoid it in the future Let’s start by [...]

By | 2014-09-10T14:38:25+00:00 September 10th, 2014|Configuration Manager (SCCM), General info|44 Comments

System Center 2012 Configuration Manager SP1 Cumulative Update 1 PowerShell Parameter Sets Excel Sheet

I just updated the SP1 RTM version of Configuration Manager 2012 SP1 RTM PowerShell Parameter Sets Excel sheet and with SP1 CU1 we have 511 CMDLETS and 1675 parametersets :)   You can download the Excel Sheet from here Happy Scripting Kaido    

PowerShell to the rescue – Clean up direct collection memberships

We where talking to a customer about how to avoid waiting for Active Directory group synchronization to occur and place a device in the correct collections faster than “until the next synchronization”. The main problem with this setup was caused by the fact that they used a group-in-group membership to identify collection memberships and apparently SCCM 2012 don’t include indirect changes to group membership as delta changes (I have not tested this in details yet). So we came up with the idea to just create a direct membership to place the device in the collections instantly to make sure that [...]

By | 2013-03-12T12:31:15+00:00 March 12th, 2013|Configuration Manager (SCCM), Powershell|3 Comments

Quick and Dirty Management Point check

If you have a big Configuration Manager environment and you don´t have a monitoring solution like SCOM or NAGIOS, then PowerShell can help you too.  This script queries all Management Points from SMS_SystemResourceList WMI class and it will check MPCERT and MPLIST website status. If you want to use this script then run it on your Central, CAS or Primary Site Server like this: Get-CMSMPStatus.ps1 -SiteCode PS1 -SiteServer Localhost -OutPut c:\Temp\MPStatus.csv. This will create a CSV Report (example below) This script should work with PSH v2 and v3. You can download the code example from here

By | 2013-01-29T14:20:44+00:00 January 29th, 2013|Configuration Manager (SCCM), Powershell|1 Comment

Changing the regional related (small) stuff! Dot vs. Comma

During OS deployment you normally set the regional settings to match the nationality of the user who are to receive the computer! This can be anything from the OS UI and keyboard,  to Date and time formats, and is normally done using sysprep values like SystemLocale, UserLocale, UIlanguage etc. One problem though, is the UserLocale value, which sets all the Date and time formats. These settings are all pre defined in the system based on the regional setting, which means all machines running English UserLocale will get the settings defined for en-US by Microsoft. But every now and then, you [...]

By | 2012-02-23T15:48:12+00:00 February 23rd, 2012|General info, OS Deployment|3 Comments

Updated version of the Coretech Shutdown Utility v. 0.8

A new and updated version of our popular shutdown utility is available for download. Read this post for a detailed description of the utility. Changelog: Additions: Added Exit Error Codes. Added Minimize Button. Added Notification Form when Minimized. Added the support for an external description text file. Added the argument support for LastBootTime more or less. Added the argument support for RegistryKey equals or not equals. Added the support for using Capital Letters as argument type. Changes: Changed Main form as well as the Notification form to be Desktop Modal. Changed the design to "Splash Form" style, with background and [...]

By | 2012-02-16T16:13:31+00:00 February 16th, 2012|Configuration Manager (SCCM), Tools|3 Comments