Set computer name with Autopilot in Windows 1809

A quick blog post to show you that it is now possible to set computer name of an device going through the Out-of-Box experience enabled with Autopilot in Intune! This is new capabilities in Intune which is only available with Windows 10 RS5 1809. This post assume that you have an autopilot profile and that it is already assigned and in use. If not I recommend looking at the links below to get you started with Autopilot. For more information visits these websites: Overview of Windows Autopilot: https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-10-autopilot Whats new in Autopilot as of 24/9-18: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/New-Windows-Autopilot-capabilities-and-expanded-partner-support/ba-p/260430 Now over to the [...]

To OOBE or not to OOBE

In my most recent customer project I was building a Windows 10 1803 reference image.For this build I came across a kind of strange issue.When deploying the reference image using SCCM, I got a weird error right at the end of the task sequence.If I clicked Try again Windows would do something for a few seconds and then the task sequence would finish like nothing went wrong.And the odd thing was that nothing seemed to be wrong, everything worked.But the error would pop up every single time and that was not something I could ignore.So I google’d and chased all [...]

Deploy Cloud Disitribution Point in ConfigMgr 1805 TP

Starting with ConfigMgr 1805 tech preview it is possible to use the Azure Resource Manager platform when creating an instance of the cloud distribution point. ARM eliminates the need for management certificates by utilizing Azure Active Directory for authentication. The other major improvement in this iteration of the CDP is that it eliminates the need for a management certificate. This process should be the same for ConfigMgr 1806, if not I will update this blog when 1806 is released. 1.  Pre-requisites a.       You must have Azure AD. b.       Create a public facing CNAME record that maps your service name (ex [...]

By | 2018-06-04T01:27:41+00:00 June 2nd, 2018|Configuration Manager (SCCM)|2 Comments

Simplified Installation of a Cloud Management Gateway

The CMG is a role introduced in ConfigMgr Current Branch 1610. The purpose of the Cloud Management Gateway is to simplify installation and strengthen security of managing clients over the Internet. This is achieved by hosting the necessary services in Azure. To date however many customers have been hesitant to deploy a CMG due to the perceived complexity of the certificate requirements that the solution has required. Using ConfigMgr 1804 tech preview and working along-side the Microsoft product team I have been able to reduce the certificates required down to 1 single certificate. My certificate is issued by a public [...]

By | 2018-05-26T23:38:18+00:00 May 23rd, 2018|Configuration Manager (SCCM)|12 Comments

DeviceMap and Device Inventory Failures in Win7 to Win10 1709 In-Place Upgrades

**UPDATE**  to the  **UPDATE**  **UPDATE** There has been "multiple TONS" of amazing and diligent work done by some extremely talented individuals to not only uncover some extreme deficiencies in the MS update process but more importantly, to help the community to cope, resolve and move forward!  If this blog post is along the lines of anything you are experiencing, please immediately take a moment to read through this blog post by my friend @AdamGrossTX which should answer all your questions and also provide a solution for "what ails you".  Please also take a moment to follow another friend, @SeguraOSD who has developed [...]

Win7 to Win10 In-Place Upgrade Failures w/ DownLevel 0xC1900208 Error Codes

This will be short and sweet as I am not fond of typing nor do I wish to waste your time with wordy explanations. If you require more details, simply reply to this blog and I will do my best to assist. ENVIRONMENT/SCENARIO: The environment is ConfigMgr (CM) 1710 with a slew of Win7 Lenovo models in dire need of Win10 1709 in-place upgrades. Delivery of Win10 1709 is by way of a CM Task Sequence (TS) with no out of ythe ordinary configurations that would be noteworthy. CHALLENGE: I recently ran into a frustrating challenge where my Win7 to [...]

Automating SSRS favorites with REST API

This information applies to SQL Server Reporting Services 2017 and later. As more and more organizations rely on visualization and reporting to get the information they need, more and more reports come into play. With Configuration Manager 1710 you get almost 500 reports where only a subset are relevant to you and your team. This blog post will show you how you can automate the use of favorites in SQL Reporting Services 2017. Prior to SSRS 2017 you had to find the report and mark it as a favorite. Beginning from SSRS 2017 we can now use a combination of [...]

Q&A from the We Speak Geek webinar

First a huge thanks to the many that tuned in to our 3 webinars on ConfigMgr Challenges in 2017. As promised here are answers to the many questions we had. For more questions, please reach out to Jason Sandys @JasonSandys or Kent Agerlund @Agerlund. For those who didn’t have a chance to attend, recordings are available here: https://info.flexerasoftware.com/SVM-WBNR-We-Speak-Geek-SCCM-Admin-PrioritiesQ &A From the North America webinarWith Windows 10 Servicing - how have you found keeping these up to date? I have 10k workstations, and with resources i can't keep up with 6 monthly releases. With the products i have to get updated/tested/confirmed [...]

By | 2017-12-21T18:57:27+00:00 December 21st, 2017|Configuration Manager (SCCM)|0 Comments

Create ConfigurationItems and Baselines without killing your mouse

This information applies to ConfigMgr version 1710 and later. One of the things I really love about working in IT is that you can learn new stuff all the time, and when new stuff turns into boring repetitive stuff you can apply automation and add yet another new piece of learning to your skillset. Over the last few releases of Configuration Manager, the product team has added some new cmdlets for managing Configuration Items and Baselines, and I started to look into these when I was given the task to create a lot of very similar CIs and Baselines for [...]

Create User collections based on AD department attribute with Powershell

If you are an organization who uses the Department attribute in Active directory and want to target users withing those departments for different deployments but you have a lot of departments and you don't know where to start, well then this post might be useful for you.   The script in this post retrieves all the departments that gets collected by the Users AD attribute by ConfigMgr (Not turned on by default needs to get added. See guide below) and from those departments it creates a user collection with a query that populates the collection with all users who are [...]

By | 2017-12-14T19:41:24+00:00 December 14th, 2017|Configuration Manager (SCCM), Powershell, Scripting|10 Comments

ConfigMgr PowerShell and WMI Excel spreadsheet

I just posted on Github updated version of Excel spreadsheet where you can find all the ConfigMgr PowerShell cmdlets, Primary Site WMI namespace methods, ConfigMgr Client WMI methods and COM object methods as well. You can download the Excel spreadsheet from here - https://github.com/Kaidja/ConfigMgrSDK/blob/master/ConfigMgr_cmdlets.xlsx

By | 2017-12-08T09:48:01+00:00 December 7th, 2017|Configuration Manager (SCCM), Powershell, Scripting|0 Comments

PowerShell Script for updating Runbook Steps in a Task Sequence!

The MDT Toolkit is great! One very useful feature is the “Execute Runbook” Step, which can execute a runbook in Orchestrator. Unfortunately Orchestrator has a little quirk, when moving to new environment, such as moving from Test to Prod. All runbooks get a new GUID, and runbook parameters might get a new GUID.  Besides this, the Server names usually needs to be changed too! This can be a trivial task, which an automation guy like me hate to do! Everytime Server name is updated, all parameters has to be setup again. This also makes the task prone to errors! So [...]

How to use SCCM SDK in C# with a WQL Query that contains joins

Sometimes you just stop and wonder: how DO you make a WQL query with joins and use it with the SCCM SDK in C#? It's that gnawing thought we all have right? So after spending an hour reading through people saying: "It's NOT supported!" and some people who said it was (without any examples whatsoever), I managed to get a small sample working. So if any of you should come across this challenge (which is of course the most of the world), then here is a code-example on how to do it: It's a small console application that output all [...]

The Big Bang and how it changed my life as an IT Pro

Maybe a misleading headline for my blog post, as it’s really the opposite message I’m trying to deliver. The Big Bang I’m referring to in the title is the change to a Cloud world from our “good old” on-premises infrastructure. For many organizations the Big Bang still hasn’t happened, not that organizations are not embracing new Cloud opportunities, most just can’t change everything overnight. Starting 5-6 years ago, I heard and read many stories that the “Cloud era” would be the end of life as we know it for IT Pros. Personally, I claim this statement to be false.For this [...]

By | 2017-11-14T16:10:52+00:00 November 14th, 2017|Configuration Manager (SCCM), Security, Windows Client|1 Comment

ConfigMgr: Issues setting up new MP’s? Check your SPN’s!

An old topic, revisited; This is just a quick blog post to inform any in the same situation as myself where a customer had some issues setting up 5 MP's at a customer. Now we all know that when setting up an new MP, or over time we may get some errors returned to us in one of the many log files monitoring the Management Point service in ConfigMgr. This is because MPs has quite a few prerequisites that either needs to be in place before it functions properly or needs TLC over time. The other day I was at [...]

By | 2017-11-13T00:22:16+00:00 October 30th, 2017|Configuration Manager (SCCM)|2 Comments

It’s here, Android O aka Android Oreo

Google just announced the release of Android 8.0 aka Android Oreo - https://www.android.com/versions/oreo-8-0/ and https://youtu.be/twZggnNbFqo lot’s of new cool features to look forward to, and also important architecture changes. My believe is that especially the architecture change, will have an impact on those administrators managing Android devices as future OS upgrades can come faster. The vendor specific implementation will now be separated from the OS framework as illustrated below. This change, and many of other security features will all be supported from Microsoft Intune and Microsoft System Center Configuration Manager with Zero day support. Before moving into testing, a couple [...]

System Center Configuration Manager Toolkit Package Download Very Slow

Recently I built a new ConfigMgr/SCCM environment for a customer. I installed the Microsoft Deployment Toolkit and created an MDT integrated task sequence in SCCM. The deployment task sequence that I created was very slow, it took at least a couple of hours to load. I noticed that the toolkit package was taking approximately 30 minutes to download. The site server was running Symantec antivirus and I had not yet configured any antivirus exclusions. This was a simple sign server environment therefore I add the exclusions listed in this article on the site server. In a more complex environment the [...]

Create and run scripts with the new feature “Run Powershell scripts from the ConfigMgr console” on current branch 1706

In my last post I talked about how we could activate the new feature "Run Powershell script from the ConfigMgr" on current branch 1706 and in this post I would like to talk about on how to get started using this wonderful feature once you have activated it. This feature really shows that the ConfigMgr product team over at Microsoft really listens to its community and that they do everything they can to improve the product. Tho this feature is a bit rough around the edges it shows great potential and i can't wait to see how it will evolve over time [...]

Configuration Manager Current Branch upgrade stuck in downloading

Managing Configuration Manager is like operating a high-speed train with new monthly updates to the Technical Preview build and 3 yearly updates to the production build. No matter how smooth and easy the upgrade process has become, an upgrade is still an upgrade and things can go wrong (read: backup/snapshot first). With the release of Technical Preview 1705 (and now also found in production build 1706), the Configuration Manager Update Reset Tool - CMUpdateReset.exe were released. The tool will assist if you experience issues with new upgrades/hotfixes stuck in download. You’ll find the tool in .\microsoft configuration manager\cd.latest\smssetup\tools. I recently [...]

By | 2017-07-30T15:18:06+00:00 July 30th, 2017|Configuration Manager (SCCM), General info|10 Comments

How to activate the new feature “Run Powershell scripts from the ConfigMgr console” on current branch 1706

Yesterday the ConfigMgr product team over at Microsoft released the latest current branch version 1706 (and the techincal preview 1707 within a 24 hour period, Awesome work!) and with that came another great pre-release feature that we previously only had access to in the Technical Preview (TP 1706) and that's the ability to run powershell scripts directly from the ConfigMgr console. This is one great feature that really excites me :D   If you want to learn more about this feature you can read the MS docs here: https://docs.microsoft.com/en-us/sccm/apps/deploy-use/create-deploy-scripts   Lets get started. First make sure that we are running [...]

By | 2017-07-29T11:17:31+00:00 July 29th, 2017|Configuration Manager (SCCM), Powershell|5 Comments

Remove non authorized members of the local administrator group with ConfigMgr

    MVP Jörgen Nilsson did a great post the other day over at https://4sysops.com/archives/monitoring-laps-with-configuration-manager/ where he showcased how one could monitor LAPS with the help of CI's in ConfigMgr to make sure it's installed and running properly. Continuing on the LAPS theme and ways ConfigMgr can help us improve security and maintain control I would like to talk a little about how we can remove non authorized members of the local administrator group with the help of Configuration Items/Baselines in ConfigMgr.   For those who are unfamiliar with LAPS (Local administrator password solution) you can learn more here: https://technet.microsoft.com/en-us/mt227395.aspx     [...]

Petya Ransomware – The Attack method and Preventing it

Todays News is all about Petya - but the way it gets onto PCs and spreads across the network is actually old news. In short, Petya does 3 things: Encrypt your files, Steal credentials, spread to other machines. It takes advantage of the "Shadow Broker Vulnerability" MS17-010. If you have patched your machine, you will not be hit with the SMB exploit. How ever it also use Mimikatz like capabilities to steal credentials from the local machine and copy it self to other machines $Admin share. A kill-switch has been described as simple as creating a file called C:\Windows\perfc (without [...]

Primary Site Fault Tolerance makes it in TP1706

Not sure if the ConfigMgr team ever sleeps, month after month new features are released in ConfigMgr Technical Preview. June is no exception, and I must confess this is truly the month I have been waiting for. Among many of the new features we now have support for active/passive site servers. A passive primary site server adds fault tolerance to your site by creating a copy of your primary site server and keeping it in sync. If a disaster occurs, you can manually make the passive site server active. There are a couple of things you need to consider before [...]

By | 2017-08-22T09:33:56+00:00 June 25th, 2017|Configuration Manager (SCCM)|2 Comments

ConfigMgr and Flexera Software CSI (3. Party Patch Management): Install the CSI Plugin

This is a quick and dirty how-to guide as I have a couple of customer who have asked for the same – how to Install the CSI Plugin in order to Connect the Flexera CSI to your ConfigMgr/WSUS/SUP infrastructure where you get the ability to monitor 3rd party vulnerabilities and remediate any threats by patching or removing software. This is a great management tool addon to your WSUS/ConfigMgr infrastructure and is a must for a complete patch management solution. If you are new to Flexera Software CSI I suggest you go to the following links where you can read up [...]

By | 2017-05-14T18:56:16+00:00 May 14th, 2017|Configuration Manager (SCCM)|0 Comments