Set Desktop and Lock Screen wallpaper with Intune in Windows 10

This is a quick blog post to show you can set this fairly easily using Intune. Intune requires you to point to a URL for the wallpaper which at first seems a bit odd, but it actually makes a lot of sense when you have solutions like OneDrive. What am I talking about? Well, find a suitable wallpaper and place it on your SharePoint OneDrive or Personal OneDrive. Then share the wallpaper and create a public viewing link. Next, test the link by pasting the URL into your browser and take a look at the result. It [...]

How to manage BitLocker on an Azure AD Joined Windows 10 Device managed by Intune.

When joining a computer to AAD either manually or by using a provisioning package, BitLocker will be enabled automatically if your device has the necessary prerequisites. However, in the case that BitLocker is disabled, this is how you enable BitLocker, save the BitLocker Key Protector (also known as the recovery key) to AAD, and recover the key in case you need it. So this blog post is both for the end-user and IT-pro I guess. In this scenario we have configured a Device Compliance Policy in Intune where we require Encryption of data storage on devices and sent the [...]

Disable OneDrive Updates from a Task Sequence

In order to fully control OneDrive updates I was tasked to find a method to disable OneDrive from doing updates on its own. Given that there is no registry setting or GPO that allows you to disable automatic updates from happening, I was forced to look for other methods. The update check is performed by a Scheduled Task that runs once every day. If you look in the Scheduled Task manager you will find one or two tasks related to OneDrive. So in order to prevent OneDrive from doing any updates I first tried to delete any tasks related to [...]

By | 2017-08-22T10:30:37+00:00 April 18th, 2017|Configuration Manager (SCCM)|0 Comments

Getting WSUS sync errors in ConfigMgr 1702

Got a lot of these today on my ConfigMgr 1702 site server.
STATMSG: ID=6704 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER" SYS=CTSCCM01.CORETECH.INTRA SITE=CT1 PID=10584 TID=18504 GMTDATE=ti apr 11 20:00:03.729 2017 ISTR0="" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0    SMS_WSUS_SYNC_MANAGER    11-04-2017 22:00:03    18504 (0x4848)
Synchronizing WSUS server ctsccm01.coretech.intra ...    SMS_WSUS_SYNC_MANAGER    11-04-2017 22:00:04    29196 (0x720C)
sync: Starting WSUS synchronization    SMS_WSUS_SYNC_MANAGER    11-04-2017 22:00:04    29196 (0x720C)
sync: WSUS synchronizing categories    SMS_WSUS_SYNC_MANAGER    11-04-2017 22:00:12    29196 (0x720C)
sync: WSUS synchronizing categories, processed 2 out of 2 items (100%)    SMS_WSUS_SYNC_MANAGER    11-04-2017 22:00:13    29196 (0x720C)
Sync failed: UssInternalError: SoapException: Fault occurred~~at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, [...]

By | 2017-04-11T22:23:14+00:00 April 11th, 2017|Configuration Manager (SCCM)|4 Comments

Windows 10: Upgrade the edition with Intune in the new Azure Portal

Most professional PCs delivered today are delivered with Windows 10 Pro (out of the box), which is a really good Operating System, covering most use-cases. However, in the world of BYOD and CYOD (Bring your Own / Choose your Own Device), companies, enterprises, governments, schools etc. often want to upgrade to either Enterprise or Education since these editions of Windows 10 are more feature rich and have a couple of enhancements compared to Pro. Luckily, changing the SKU does not involve a reinstallation or a major upgrade of the OS. And from Windows 10 1607 (Anniversary Update) you could go [...]

Windows 10 1703 Creators Update: First impressions

Windows 10 Creators Update is out and I wanted to create a quick blog of the initial experience installing and enrolling it into one of my Azure Active Directory (AAD) test tenants. The initial installation is more or less the same as before, but we have known for a while that Microsoft will improve the OoBE (Out of Box Experience), where it now has a new nicer flow and UI. It’s very interesting to see how Microsoft is investing in these types of features and it tells us (in my opinion) how Microsoft looks at the future of Device/Windows deployment and [...]

A couple of nice little OSD tweaks in ConfigMgr 1702

ConfigMgr 1702 has a wealth of new features and client management improvements. This one might not be the reason you upgrade, but it’s still nice and worth a blog post. With 1702 you can customize your task sequence information and control what’s being displayed to the end-user. In this example you should notice a few changes in Software Center. Looking at my Upgrade task sequence, I now have information about download time/size and restart. When I start the task sequence, I have interesting information from my IT department telling me why the company is upgrading to Windows 10. All of [...]

Android for Work in Configuration Manager 1702

Android for Work support was introduced in Intune standalone in late 2016. With the latest release of Configuration Manager current branch we also have AFW support in hybrid environments. In order to configure AFW there are a few things you need to ensure first: have a couple of Android devices with Android 5.0 or higher, and create a Google account to be used as the Android for Work admin account. Configure Android for Work: In the ConfigMgr console navigate to Administration workspace / Overview / Cloud Services / Microsoft Intune Subscriptions and click Configure Platforms / Android For Work. Notice the dialog [...]

By | 2017-03-27T08:38:21+00:00 March 27th, 2017|Configuration Manager (SCCM)|1 Comment

Cloud Management Gateway with Sub CA

The new Cloud Management Gateway is going to make a big difference in the way we manage endpoints away from home in the future. The feature is a System Center Configuration Manager 1610 pre-release feature. Being a pre-release typically means a little troubleshooting is required to get the feature working in different environments. In my previous blog post I described an issue with software update scan failing. The troubleshooting steps used in this blog post are similar to what I have described there. In this environment we have a PKI with a Sub CA, and as part of the certificate [...]

By | 2017-03-15T10:54:35+00:00 March 15th, 2017|Configuration Manager (SCCM), General info|9 Comments

Software Update scan error using Cloud Management Gateway

First, I need to say... the new Cloud Management Gateway feature in Configuration Manager 1610 is awesome. There are a couple of gotchas you need to know about when creating the service, but once you have overcome those hurdles, you will look like a hero at work, and be known as the person who finally enabled client management on internet based endpoints like road-warriors and colleagues working from home. In the wuahandler.log on the client you might run into Scan failed with error = 0x80240439. If that happens, the first step in your troubleshooting should be checking the Configuration Manager agent [...]

By | 2017-03-14T08:13:09+00:00 March 14th, 2017|Configuration Manager (SCCM), General info|5 Comments

Q&A from the Flexera & Coretech webinar

Could you please tell me how many days can I use the trial version of Dashboard? Looks very useful for my SCCM infra. Also please let me know how to opt for dashboard after the trial period. First a huge thanks for all attending the webinar, as promised here is a list of the questions that we didn’t have time to answer during the webinar. Q: We already use Flexera for compliance. Is "Patching" included in it OR is it a separate module? A: Patching is integrated in the standard CSI solution. You can either patch using WSUS or integrate with [...]

By | 2017-01-26T12:17:24+00:00 January 26th, 2017|Configuration Manager (SCCM), General info|0 Comments

Default Site-Boundary-Group and boundaries

The purpose of the Default Site-Boundary-Group is to service clients that are not served by any other boundary group (that being local boundary group or neighbor boundary group). However, in ConfigMgr 1610 there has been some confusion around the fact that you can add boundaries to the Default Site-Boundary-Group. I’ve been asked a couple of times if we should add all boundaries to the Default Site-Boundary-Group since the group is automatically configured for Site assignment. My take on that is NO, don’t use the Default Site-Boundary-Group as you don’t really control it. You will also notice that you can’t [...]

By | 2017-01-23T13:34:33+00:00 January 23rd, 2017|Configuration Manager (SCCM), General info|3 Comments

Error installing WSUS using a remote SQL and non-standard SQL port

Ran into this error earlier today while trying to install WSUS using a remote SQL 2014 SP2 server with non-standard SQL ports.
2016-11-22 20:30:13  Stopping service WSUSService
2016-11-22 20:30:13  Stopping service W3SVC
2016-11-22 20:30:13  Configuring database...
2016-11-22 20:30:13  Configuring the database...
2016-11-22 20:30:13  Establishing DB connection...
2016-11-22 20:31:14  System.Data.SqlClient.SqlException (0x80131904): A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a [...]

By | 2017-08-22T10:29:40+00:00 November 22nd, 2016|Configuration Manager (SCCM), SQL|0 Comments

Unlock BitLocker Encrypted Drive From WinPE the Secure Way!

I have seen several blog posts on how to unlock a BitLocker encrypted drive from Windows PE, using the recovery password stored in the Microsoft BitLocker Administration and Monitoring (MBAM) SQL Server database. What's the problem with these solutions? All of these have one thing in common: they query the SQL database directly, and require changing SQL Server configuration and granting access to the database directly. Why is this a problem? Well, in my opinion this is a bad design approach, as the core purpose of implementing BitLocker volume encryption and MBAM is to secure our data from being compromised. By [...]

By | 2016-10-12T08:49:13+00:00 October 12th, 2016|Configuration Manager (SCCM), OS Deployment, Security|8 Comments

The Impact of introducing the Microsoft Enterprise Mobility + Security in the organization

In my work as an advisor and consultant I see organizations adapting to the emerging IT landscape, where user behavior is changing and security risks are increasing. In the midst of this change, I encounter frustrated IT professionals trying to keep up with everything and not having enough time to do so. I encourage my customers to be on top of changes and make sure they stay on top. That message goes beyond IT pros and extends to business owners and managers who can no longer afford [...]

Unknown error creating the Intune connector in Configuration Manager CB

Recently ran into an unknown error while trying to create the Intune connector in ConfigMgr 1602 (and 1606). The error occurred in the “Create Microsoft Intune Subscription Wizard” when trying to Sign in using a Global Admin Azure account. For those of you who do not understand Danish (yet), the error message is something like “An Unexpected error occurred”. The GA Azure account is a “service account” and not used to enroll mobile devices. For that reason the account wasn’t assigned an Enterprise Mobility Suite (EMS) license.  The solution: Assign an EMS license in Azure Active Directory to the Global [...]

Error enrolling devices into Intune & Configuration Manager 1602

Enrolling devices into Intune & ConfigMgr is normally straightforward until you run into issues. Below is an example where I received an enrollment error (picture 1), clicking Continue leads me to picture 2. As you can see in picture two the Enrollment Update turns from Warning to Checkmark, but only for about 5 seconds then it goes back to a warning. Troubleshooting mobile devices is slightly different than traditional desktop troubleshooting. The troubleshooting options depend on the device (Android, iOS or Windows). In this example my device was an Android. You can email the log files [...]

Create ConfigMgr Servicing Plans with Excel and PowerShell

Last week I posted one example of how to create ConfigMgr Servicing Plans with PowerShell. In this post I will show you how to create Servicing Plans using Excel. Step 1 is to create a table like this. If you have that table with necessary information or if needed you can add more data, then simply save it as a CSV file and import the data to PowerShell. Here is one quick and simple example of how to create these Servicing Plans based on a CSV file and if needed create the Device Collections as well. This example also assumes that [...]

By | 2016-05-31T21:32:16+00:00 May 31st, 2016|Configuration Manager (SCCM)|0 Comments

ConfigMgr cmdlets and Lazy properties

If you have worked with Configuration Manager before, then most probably you know that some of the WMI classes contain lazy properties. Microsoft cmdlets for ConfigMgr query these lazy properties by default. If you query the same Device Collection directly through WMI, then you don’t see the RefreshSchedule property value. If you need to query lazy properties, then you can use the .GET() method or [WMI] accelerator. Starting from the 1604 cmdlets we have a new parameter called -FAST. Parameter FAST allows us to skip lazy properties and this should make the queries much faster and should also lower the [...]

By | 2016-05-26T17:43:26+00:00 May 26th, 2016|Configuration Manager (SCCM)|0 Comments

ConfigMgr Move-CMObject issue and one possible workaround

If you have been following me on Twitter, then most likely you already know that the Move-CMObject cmdlet is broken in the 1604 release. Here is one quick example that shows the error message. Microsoft already knows about this issue and hopefully they can fix it quickly, but meanwhile we need to find a workaround or do something else:
1. Uninstall 1604 cmdlets and go back to older version
2. Replace Move-CMObject with your own custom function - http://cm12sdk.net/?p=1006
3. NEW! Use Invoke-CMWmiMethod
In this blog post I will show one example of how to use the Invoke-CMWmiMethod cmdlet. In this example I'm [...]

By | 2016-05-24T15:23:08+00:00 May 24th, 2016|Configuration Manager (SCCM)|0 Comments

Creating ConfigMgr Servicing Plans with PowerShell

Last week we got a new set of cmdlets for Configuration Manager and now we have the ability to create Servicing Plans with PowerShell. I put together an end-to-end example and with this script you can: Create a folder called Software Updates (can't move Device Collections into a folder because Move-CMObject is broken in the latest release); Create 5 Device Collections; Create Software Updates Deployment Package; Download the necessary upgrade package; Distribute the package to a Distribution Point; Create 5 different Servicing Plans.
############ WINDOWS 10 SERVICING ###############################
    Get-CMWindowsServicingPlan
    New-CMWindowsServicingPlan
#These cmdlets require Configuration Manager 1511 or newer.
$DeploymentPackageName [...]

By | 2016-05-23T16:18:15+00:00 May 23rd, 2016|Configuration Manager (SCCM)|0 Comments

ConfigMgr 1604 new cmdlets

Microsoft released a new set of command-lets for Configuration Manager and all these new cmdlets are also included in the ConfigMgr 1605 TP release. Here are all the new cmdlets:

| cmdlet | Category | Notes |
| --- | --- | --- |
| Get-CMWindowsServicingPlan | Software Updates | Windows 10 Servicing |
| New-CMWindowsServicingPlan | Software Updates | Windows 10 Servicing |
| Add-CMServiceConnectionPoint | Infrastructure | |
| Set-CMServiceConnectionPoint | Infrastructure | |
| Remove-CMServiceConnectionPoint | Infrastructure | |
| Get-CMServiceConnectionPoint | Infrastructure | |
| Remove-CMCertificateRegistrationPoint | Infrastructure | |
| Set-CMCertificateRegistrationPoint | Infrastructure | |
| Add-CMCertificateRegistrationPoint | Infrastructure | |
| Get-CMCertificateRegistrationPoint | Infrastructure | |
| Invoke-CMDeviceAction | Resource Management | |
| Get-CMDeviceActionState | Resource Management | |
| Add-CMIntuneSubscription | MDM / Hybrid | |
| Set-CMIntuneSubscription | MDM / Hybrid | |
| Get-CMIntuneSubscription | MDM / Hybrid | |
| Remove-CMIntuneSubscription | MDM / Hybrid | |
| Add-CMMdmEnrollmentManager | MDM / Hybrid | |
| Remove-CMMdmEnrollmentManager | MDM / Hybrid | |
| Get-CMMdmEnrollmentManager | MDM / Hybrid | |
| New-CMApnsCertificateRequest | MDM / Hybrid | |
| New-CMDepTokenRequest | [...] | |

Links from our MMS ConfigMgr precon session

Thanks for all the questions and tweets during the opening session yesterday. Jason, Anne and I really enjoyed the afternoon. As promised here are the links from the session.
Update 1605 for Configuration Manager Technical Preview: https://blogs.technet.microsoft.com/configmgrteam/2016/05/16/update-1605-for-configuration-manager-technical-preview-available-now/
WinPE peer caching: https://blog.ctglobalservices.com/kea/win-pe-peer-caching-in-configmgr-current-branch/
Client install failing on management point: https://blog.ctglobalservices.com/kea/configmgr-client-failing-to-install-on-management-point/
Startup script: http://blog.configmgrftw.com/configmgr-client-startup-script/
SQL XL sheet: https://t.co/XUXuUfxuaq
Cache management example: https://blogs.msdn.microsoft.com/helaw/2014/01/07/configuration-manager-cache-management/
SQL best practice: https://stevethompsonmvp.wordpress.com/2016/02/05/proper-tempdb-creation-for-configuration-manager/ & https://stevethompsonmvp.wordpress.com/2014/05/19/powershell-sql-audit-script/

By | 2017-08-22T10:28:42+00:00 May 17th, 2016|Configuration Manager (SCCM), Events, SQL|0 Comments