Simplified Installation of a Cloud Management Gateway

The CMG is a role introduced in ConfigMgr Current Branch 1610. The purpose of the Cloud Management Gateway is to simplify installation and strengthen security of managing clients over the Internet. This is achieved by hosting the necessary services in Azure. To date however many customers have been hesitant to deploy a CMG due to the perceived complexity of the certificate requirements that the solution has required. Using ConfigMgr 1804 tech preview and working along-side the Microsoft product team I have been able to reduce the certificates required down to 1 single certificate. My certificate is issued by a public [...]

By | 2018-05-26T23:38:18+00:00 May 23rd, 2018|Configuration Manager (SCCM)|10 Comments

DeviceMap and Device Inventory Failures in Win7 to Win10 1709 In-Place Upgrades

**UPDATE**  to the  **UPDATE**  **UPDATE** There has been "multiple TONS" of amazing and diligent work done by some extremely talented individuals to not only uncover some extreme deficiencies in the MS update process but more importantly, to help the community to cope, resolve and move forward!  If this blog post is along the lines of anything you are experiencing, please immediately take a moment to read through this blog post by my friend @AdamGrossTX which should answer all your questions and also provide a solution for "what ails you".  Please also take a moment to follow another friend, @SeguraOSD who has developed [...]

Win7 to Win10 In-Place Upgrade Failures w/ DownLevel 0xC1900208 Error Codes

This will be short and sweet as I am not fond of typing nor do I wish to waste your time with wordy explanations. If you require more details, simply reply to this blog and I will do my best to assist. ENVIRONMENT/SCENARIO: The environment is ConfigMgr (CM) 1710 with a slew of Win7 Lenovo models in dire need of Win10 1709 in-place upgrades. Delivery of Win10 1709 is by way of a CM Task Sequence (TS) with no out of ythe ordinary configurations that would be noteworthy. CHALLENGE: I recently ran into a frustrating challenge where my Win7 to [...]

Taking advantage of Run Script in ConfigMgr 1710

As most of you already know, Microsoft has released a new function in ConfigMgr to run scripts directly on computers and/or servers in your environment. With this new function, scripts can be run in real time on a single computer or an entire collection. How cool is that? This was initially released in the 1706 Tech Preview, but since then Microsoft has put a lot of effort into the functionality of the latest builds and have really made it shine! If you’re like me, you might get stuck in the “this is awesome but how do I move forward with [...]

By | 2017-12-20T09:12:22+00:00 December 20th, 2017|Powershell|1 Comment

Create ConfigurationItems and Baselines without killing your mouse

This information applies to ConfigMgr version 1710 and later. One of the things I really love about working in IT is that you can learn new stuff all the time, and when new stuff turns into boring repetitive stuff you can apply automation and add yet another new piece of learning to your skillset. Over the last few releases of Configuration Manager, the product team has added some new cmdlets for managing Configuration Items and Baselines, and I started to look into these when I was given the task to create a lot of very similar CIs and Baselines for [...]

Remove non authorized members of the local administrator group with ConfigMgr

    MVP Jörgen Nilsson did a great post the other day over at https://4sysops.com/archives/monitoring-laps-with-configuration-manager/ where he showcased how one could monitor LAPS with the help of CI's in ConfigMgr to make sure it's installed and running properly. Continuing on the LAPS theme and ways ConfigMgr can help us improve security and maintain control I would like to talk a little about how we can remove non authorized members of the local administrator group with the help of Configuration Items/Baselines in ConfigMgr.   For those who are unfamiliar with LAPS (Local administrator password solution) you can learn more here: https://technet.microsoft.com/en-us/mt227395.aspx     [...]

Q&A from the Flexera & Coretech webinar

Could you please tell me how many days can I use the trial version of Dashboard? Looks very useful for my SCCM infra. Also please let me know how to opt for dashboard after the trial period.First a huge thanks for all attending the webinar, as promised he are a list of the questions that we didn’t have time to answer during the webinar. Q: We already use Flexera for compliance. Is "Patching" included in it OR is it a separate module? A: Patching is integrated in the standard CSI solution. You can either patch using WSUS or integrate with [...]

By | 2017-01-26T12:17:24+00:00 January 26th, 2017|Configuration Manager (SCCM), General info|0 Comments

Create ConfigMgr Servicing Plans with Excel and PowerShell

Last week I posted one example how to create ConfigMgr Servicing Plans with PowerShell. In this post I will show you how to create Servicin Plans using Excel. Step 1 is to create a table like this If you have that table with necessary information or if needed you can add more data, then simply save it as a CSV file and import the data to PowerShell.   Here is one quick and simple example how to create these Servicing Plans based on a CSV file and if needed create the Device Collections as well. This example also assumes that [...]

By | 2016-05-31T21:32:16+00:00 May 31st, 2016|Configuration Manager (SCCM)|0 Comments

ConfigMgr cmdlets and Lazy properties

If you have worked with Configuration Manager before, then most probably you know that some of the WMI classes contain lazy properties. Microsoft cmdlets for ConfigMgr queries by default these lazy properties, for example If you query the same Device Collection directly through WMI, then you don’t see RefreshSchedule property value. If you need to query lazy properties, then you can use the .GET() method or [WMI] accelerator. Starting from 1604 cmdlets we have a new parameter called -FAST. Parameter FAST allows us to skip Lazy properties and this should make the queries much faster and should also lower the [...]

By | 2016-05-26T17:43:26+00:00 May 26th, 2016|Configuration Manager (SCCM)|0 Comments

ConfigMgr Move-CMObject issue and one possible workaround

If you have been following me in twitter, then most likely you already know that the Move-CMObject cmdlet is broken in 1604 release. Here is one quick examples that shows the error message. Microsoft already knows this issue and hopefully they can fix it quickly but meanwhile we need to find a workaround or do something else: 1. Uninstall 1604 cmdlets and go back to older version 2. Replace Move-CMObject with your own custom function - http://cm12sdk.net/?p=1006 3. NEW! Use Invoke-CMWmiMethod   In this blog post I will show one example how to use Invoke-CMWmiMethod cmdlet. In this example Im [...]

By | 2016-05-24T15:23:08+00:00 May 24th, 2016|Configuration Manager (SCCM)|0 Comments

ConfigMgr 1604 new cmdlets

Microsoft released a new set of command-lets for Configuration Manager and all these new cmdlets are also included in the ConfigMgr 1605 TP release. Here are all the new cmdlets: cmdlet Category Notes Get-CMWindowsServicingPlan Software Updates Windows 10 Servicing New-CMWindowsServicingPlan Software Updates Windows 10 Servicing Add-CMServiceConnectionPoint Infrastructure Set-CMServiceConnectionPoint Infrastructure Remove-CMServiceConnectionPoint Infrastructure Get-CMServiceConnectionPoint Infrastructure Remove-CMCertificateRegistrationPoint Infrastructure Set-CMCertificateRegistrationPoint Infrastructure Add-CMCertificateRegistrationPoint Infrastructure Get-CMCertificateRegistrationPoint Infrastructure Invoke-CMDeviceAction Resource Management Get-CMDeviceActionState Resource Management Add-CMIntuneSubscription MDM / Hybrid Set-CMIntuneSubscription MDM / Hybrid Get-CMIntuneSubscription MDM / Hybrid Remove-CMIntuneSubscription MDM / Hybrid Add-CMMdmEnrollmentManager MDM / Hybrid Remove-CMMdmEnrollmentManager MDM / Hybrid Get-CMMdmEnrollmentManager MDM / Hybrid New-CMApnsCertificateRequest MDM / Hybrid New-CMDepTokenRequest [...]

Conditional access with ConfigMgr+Intune and On-Premises Exchange

Conditional Access in either a Cloud-only or Hybrid scenario is a great way to control data by saying we do not allow you to access Corporate Email without enrolling the device to a Corporate MDM solution where Data Protection Policies will be applied. This is in my opinion the best compromise where we let the user be productive where they get the ability to access corporate data on any device, anywhere, where we at the same time have control over the device, forcing security and compliance policies, encrypting data, deploy (LoB) apps and las but not least have the ability [...]

Community Web page to help corporate users enroll their devices!

Guidence on how you can enroll your device and gain access to your corporate data and applications: This web page is created by the community for the community to help corporate users to efficiently enroll their devices into an Microsoft Enterprise Mobility Solution. Businesses can use this webpage as an How-To for their users and link it to their existing documentation. The site covers: Microsoft Windows 10 Devices Apple iOS Devices Google Android Devices Visit the page by going clickin here: www.enrollyourdevice.com Also check out the Microsoft EMS Resources App https://www.microsoft.com/store/apps/9nblggh6j3fq and YouTube page https://www.youtube.com/channel/UCbf6dOWcNhRgLHDEXJWqiNw for more information about Microsoft [...]

OMS/EMS Seminar March 2016: Enterprise Mobility Suite Session Notes and slides

Hi First and foremost, thanks to all attendees for a great day on Wednesday. Lots of great questions and discussions and to all of you who is wondering what happened to my girlfriend’s phone – well I had to un-enroll it the morning after!  For those of you who are waiting for the EMS-book that Kent is writing together with Peter Daalmans, it is not to long until it is published so stay tuned! I will update this blog post with link to the book when it is out.. Download the slide deck: EMS Microsoft EMS Resources app is free and [...]

December 11: Microsoft Enterprise Mobility Suite (EMS) Resources at your fingertips

I know it's a pompous title, but that still the idea behind what I want to show next. As an IT-Pro I am used to staying up to date on the latest technology that I am working with. And with On-premises solutions like traditional ConfigMgr implementations, staying up to date is not too hard with a little bit of effort since new features and updates are not added daily as opposed to what is going on in the Cloud. Now for some time now I have been working with Cloud services like Microsoft Intune and eventually EMS after the suite [...]

Roll Out New Configuration Manager Distribution Point with PowerShell

Here is a quick example how to install new Configuration Manager Distribution Point with PowerShell. As you see we have many options to expand this script. We can install Windows Server features, reboot it remotely, install additional software etc. It all depends how you wanna install and configure it. #Import the Module Import-Module $env:SMS_ADMIN_UI_PATH.Replace("\bin\i386","\bin\configurationmanager.psd1") $SiteCode = Get-PSDrive -PSProvider CMSITE #Change the connection context Set-Location "$($SiteCode.Name):\" #New DP Information $DistributionPoint = 'DP01.4demo4.com' $SiteCode = 'PS1' # Test the connection to server     Test-Connection         -ComputerName $DistributionPoint # OPTIONAL - Install Windows Server Roles and Features     Install-WindowsFeature         -Name Web-ISAPI-Ext,Web-Windows-Auth,Web-Metabase,Web-WMI,RDC         [...]

Troubleshooting: An error occurred when creating the WSUS Signing Certificate (Secunia)

Lately I have been doing some Secunia integrations with System Center 2012 R2: Configuration Manager (SCCM/ConfigMgr 2012). When you are setting up the connector between Secunia CSI and WSUS one of the first things the wizard is asking you to do is to Configure a WSUS Self-Signed Certificate, the WSUS signing certificate is required to create and install local packages. Without it, only packages from Microsoft Update will be installed. How-ever this time I got this error when trying to 'Automatically create and install certificate'  during the Connector Wizard: An error occurred when creating the WSUS Signing Certificate Now this [...]

By | 2015-10-20T20:14:46+00:00 October 20th, 2015|Configuration Manager (SCCM), Security|1 Comment

How to: Create custom SQL- based Reports in System Center 2012 R2: Configuration Manager

A customer asked me  for a “how-to” on how to Create reports in SCCM 2012, so why not share with everyone. This post is not intended to show how to write or design queries, but show you have to create  a report based on a SQL query you might already have. Even-though we are skipping how to write SQL Queries for know, this post is still going to be a bit long. Time for that cup of coffee! First some requirements: You need to have an SQL Server instance for SCCM with SQL Reporting Services running You need to have [...]

Upgrade System Center Configuration Manager Console with PowerShell

Since Service Pack 1 was released to SCCM 2012 R2 I have been upgraded several environments. A couple of customers wanted me to create a PowerShell script to uninstall existing ConfigMgr Console and install the new updated version with the latest cumulative updates and hotfixes. If you create a package to distribute it with SCCM make sure you point the Data source to the location of the Client installations files, Script, KB3084586-msp and kb3074857-msp. Installation command for the program will then be: PowerShell.exe -file "script.ps1". Remember to set PowerShell execution policy to "Bypass" under Client Settings. This will not affect [...]

Working with managed applications within Configuration Manager 2012 R2 SP1

First, let’s define a managed application. In essence it’s a special policy that enable you to control settings in the application or browser like data encryption, can the user save the document as a new file etc. To successfully deploy a managed application you need to mix the application deployment with an application management policy. Configuration Manager will automatically discover if the application can be managed and will show an additional page in the wizard when you create the deployment. It’s worth noting that not all applications can be managed. They have to have the Intune App SDK built-in or [...]

Change device ownership in Configuration Manager with PowerShell

All newly enrolled devices are enrolled as Personal Devices by default in Configuration Manager and we cant change the default behavior. If the Device Ownership is Company, then we can inventory all the installed applications and we can also do mandatory installations. If the Device Ownership is Personal, then we can inventory only applications that are installed through Company Portal. If your company policy is that all the devices must be company-owned, then you can use this script to query a specific collection devices and it will set the Device Ownership to Company. [crayon-5ba2b262da17a062944886/]

Scripts and links from my sessions @IT/Dev connections

A big thanks to all who attended at our sessions. Below are the links to the scripts and blog post we referenced during the session. Hope to see you all again next year! Managing Configuration Manager with PowerShell  Building Custom Tools Using PowerShell  Truly Better Together: Configuration Manager 2012 R2 and PowerShell  Quick and Dirty – Build Configuration Manager 2012 Admin Console Extensions automatically - http://cm12sdk.net/?p=2299 Configuration Manager 2012 R2 Developer Excel Sheet - http://cm12sdk.net/?p=2326 Does Your Hard Work Advance the Ecosystem? - http://blogs.msdn.com/b/powershell/archive/2011/02/07/does-your-hard-work-advance-the-ecosystem.aspx Coretech Collections Tool - https://blog.ctglobalservices.com/kaj/coretech-configuration-manager-2012-r2-powershell-automation-module-0-1/ Before you start using these script examples on your production environment, please make [...]

House of Cards–The ConfigMgr Software Update Point and WSUS

A Card house; fun to build but not very solid and when one card falls the whole house often goes down with it. It’s a little like that with the WSUS server and Configuration Manager. Installing WSUS seems so easy but there are still some moving part, and if you get one of the wrong maybe the whole House of Cards falls. Recently I have seen that happen at several customers. This blog post is divided into 3 parts: 1. Introduction 2. Problem overview and symptoms 3. Solutions to fix issues and avoid it in the future Let’s start by [...]

By | 2014-09-10T14:38:25+00:00 September 10th, 2014|Configuration Manager (SCCM), General info|48 Comments

System Center 2012 Configuration Manager SP1 Cumulative Update 1 PowerShell Parameter Sets Excel Sheet

I just updated the SP1 RTM version of Configuration Manager 2012 SP1 RTM PowerShell Parameter Sets Excel sheet and with SP1 CU1 we have 511 CMDLETS and 1675 parametersets :)   You can download the Excel Sheet from here Happy Scripting Kaido