Understand the MBAM installation process and how to use PowerShell to install features.
I have seen several blog posts on how to unlock a BitLocker encrypted drive from Windows PE, using the recovery password stored in the Microsoft Bitlocker Administration and Monitoring (MBAM) SQL Server database. What's the problem with these solutions? All of these have one thing in common: they query the SQL database directly, requires changing SQL Server configuration and granting access to the database directly. Why is this a problem? Well, in my opinion this is a bad design approach, as the core purpose of implementing BitLocker volume encryption and MBAM is to secure our data from being compromised. By [...]
How to get your Hyper-V connection or remote desktop sessions to scale correctly on Windows 10 High-DPI monitors.
How do you automatically create a Hyper-V guest that start a specific MDT task Sequence.
Fix to update Boot images to Windows 10 ADK after installing Service Pack 1 for ConfigMgr 2012 R2
Microsoft has released build 10041 of Windows 10 Technical preview, but again there is only an ISO for the Professional edition.The workaroundwell lucky for us, there is a way around this. It is possible to utilize DISM to change editions of Windows, so by running a few commands we can upgrade the install.wim from Pro to Enterprise.To do this you need a computer with Windows 10 installed, as we need the latest version of DISM. Simply install Windows 10 Pro using the latest release on a physical or virtual computer.Mount the Windows 10 Pro ISO, and copy the content to [...]
How Nomad can help reduce WAN congestion, and eliminate most of your DPs.
How do I create a shortcut that runs as Administrator?
If you have changed the default values for LogMaxSize and LogMaxHistory in your SMSTS.ini in your boot media, some of you might have experienced that these values gets reset to their default values (1000000 and 1) during a refresh scenario. This causes us to loose build history and makes troubleshooting quite difficult as logs are incomplete. Well, our friends over at E1 have created a nifty little tool that you can use to overcome this issue. The tool will change the following variables that controls the log behavior, these are normally read-only and can not be changed the way we [...]
When you create Task Sequence media in Configuration Manager, the environment variable TMP is used to locate temporary storage for the creation process. By default this points to the users temp folder, which is usually on C: drive with limited space. While this is normally not a problem for creating an online boot media, creating offline media with many driver packages, software packages etc. you are bound to run into trouble. It is not only the Create TS Media wizard that uses this location, is also used when a WIM file needs to be mounted, so every time you create [...]
While this is not a newly discovered hack, I feel that we can not stress the importance of using Bitlocker to encrypt our hard drives. If you like me encounter customers that still runs their computers unencrypted, and don’t see the need for encryption. just use the following guide to show them how easy it is to activate the local administrator account and reset its password. Step 1 Show the customer that the local administrator account is disabled. (or that you don’t know the password). Step 2 Boot from any bootable media, such as the original installation media, Ultimate Boot [...]
How do I secure my clients with Endpoint Protection using the deploy Task Sequence.
Changing default wallpaper, but still allowing user to set their own.
Windows 8 comes with the option to pre-provision the disk for use with BitLocker, allowing only the used-space to be encrypted, thus reducing the encryption time a lot. Problem occur when enterprises want to use the Microsoft Bitlocker Administration and Monitoring (MBAM) toolkit from the Microsoft Desktop Optimization Pack (MDOP) to store BitLocker recovery keys, and track compliance. MBAM 2.0 sp1 does not support used-space encryption as per the release notes, forcing enterprises to either drop MBAM or perform full encryption of the disk, which can be a time consuming task depending on disk size and CPU performance. After spending [...]
After expanding a stand-alone Primary Site to CAS, Software Opdate point fails to synchronize