Identifying Azure AD users with ConfigMgr

I wanted to share an interesting find I had with a customer today. We were working on a task to populate some user collections for a deployment and we saw that one collection had a lot more users included than it should have. We figured it must be users coming from Azure AD (AAD) which made me wonder; how could we easily identify only AAD users and use that technique to exclude the unnecessary users from the collection we were creating? First we tried using the "Agent Name" attribute on the user object. This could in theory work, since it [...]

By |2019-02-21T22:22:05+01:00februar 19th, 2019|Azure, Configuration Manager (SCCM)|Kommentarer lukket til Identifying Azure AD users with ConfigMgr

Disabling LEDBaT on Your Windows 2016/2019 Server

I have seen a few threads across a couple of forums asking about how to disable LEDBaT correctly. Here are two options which are applicable across a couple of scenarios: Scenario#1: You are confident you do not have any other custom CongestionProvider or TransportFilter configurations on your server. Solution: 1 of the 2Pints, Phil Wilcock (follow: @2PintPhil), has provide what is by far the quickest and easiest solution with good 'ol netsh: netsh int tcp reset *When you run the reset command, it overwrites the following registry keys, both of which are used by TCP/IP: SYSTEM\CurrentControlSet\Services\Tcpip\Parameters SYSTEM\CurrentControlSet\Services\DHCP\Parameters This has the same effect as [...]

By |2018-11-19T06:23:22+01:00november 18th, 2018|Configuration Manager (SCCM), Powershell, Scripting|3 Comments

Set computer name with Autopilot in Windows 1809

A quick blog post to show you that it is now possible to set computer name of an device going through the Out-of-Box experience enabled with Autopilot in Intune! This is new capabilities in Intune which is only available with Windows 10 RS5 1809. This post assume that you have an autopilot profile and that it is already assigned and in use. If not I recommend looking at the links below to get you started with Autopilot. For more information visits these websites: Overview of Windows Autopilot: https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-10-autopilot Whats new in Autopilot as of 24/9-18: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/New-Windows-Autopilot-capabilities-and-expanded-partner-support/ba-p/260430 Now over to the [...]

Simplified Installation of a Cloud Management Gateway

The CMG is a role introduced in ConfigMgr Current Branch 1610. The purpose of the Cloud Management Gateway is to simplify installation and strengthen security of managing clients over the Internet. This is achieved by hosting the necessary services in Azure. To date however many customers have been hesitant to deploy a CMG due to the perceived complexity of the certificate requirements that the solution has required. Using ConfigMgr 1804 tech preview and working along-side the Microsoft product team I have been able to reduce the certificates required down to 1 single certificate. My certificate is issued by a public [...]

By |2018-05-26T23:38:18+01:00maj 23rd, 2018|Configuration Manager (SCCM)|16 Comments

DeviceMap and Device Inventory Failures in Win7 to Win10 1709 In-Place Upgrades

**UPDATE**  to the  **UPDATE**  **UPDATE** There has been "multiple TONS" of amazing and diligent work done by some extremely talented individuals to not only uncover some extreme deficiencies in the MS update process but more importantly, to help the community to cope, resolve and move forward!  If this blog post is along the lines of anything you are experiencing, please immediately take a moment to read through this blog post by my friend @AdamGrossTX which should answer all your questions and also provide a solution for "what ails you".  Please also take a moment to follow another friend, @SeguraOSD who has developed [...]

Win7 to Win10 In-Place Upgrade Failures w/ DownLevel 0xC1900208 Error Codes

This will be short and sweet as I am not fond of typing nor do I wish to waste your time with wordy explanations. If you require more details, simply reply to this blog and I will do my best to assist. ENVIRONMENT/SCENARIO: The environment is ConfigMgr (CM) 1710 with a slew of Win7 Lenovo models in dire need of Win10 1709 in-place upgrades. Delivery of Win10 1709 is by way of a CM Task Sequence (TS) with no out of ythe ordinary configurations that would be noteworthy. CHALLENGE: I recently ran into a frustrating challenge where my Win7 to [...]

By |2018-05-01T14:08:16+01:00april 29th, 2018|Configuration Manager (SCCM), Hardware & Drivers, Operating Systems, OS Deployment|Kommentarer lukket til Win7 to Win10 In-Place Upgrade Failures w/ DownLevel 0xC1900208 Error Codes

Taking advantage of Run Script in ConfigMgr 1710

As most of you already know, Microsoft has released a new function in ConfigMgr to run scripts directly on computers and/or servers in your environment. With this new function, scripts can be run in real time on a single computer or an entire collection. How cool is that? This was initially released in the 1706 Tech Preview, but since then Microsoft has put a lot of effort into the functionality of the latest builds and have really made it shine! If you’re like me, you might get stuck in the “this is awesome but how do I move forward with [...]

By |2017-12-20T09:12:22+01:00december 20th, 2017|Powershell|1 Kommentar

Create ConfigurationItems and Baselines without killing your mouse

This information applies to ConfigMgr version 1710 and later. One of the things I really love about working in IT is that you can learn new stuff all the time, and when new stuff turns into boring repetitive stuff you can apply automation and add yet another new piece of learning to your skillset. Over the last few releases of Configuration Manager, the product team has added some new cmdlets for managing Configuration Items and Baselines, and I started to look into these when I was given the task to create a lot of very similar CIs and Baselines for [...]

Remove non authorized members of the local administrator group with ConfigMgr

    MVP Jörgen Nilsson did a great post the other day over at https://4sysops.com/archives/monitoring-laps-with-configuration-manager/ where he showcased how one could monitor LAPS with the help of CI's in ConfigMgr to make sure it's installed and running properly. Continuing on the LAPS theme and ways ConfigMgr can help us improve security and maintain control I would like to talk a little about how we can remove non authorized members of the local administrator group with the help of Configuration Items/Baselines in ConfigMgr.   For those who are unfamiliar with LAPS (Local administrator password solution) you can learn more here: https://technet.microsoft.com/en-us/mt227395.aspx     [...]

Q&A from the Flexera & Coretech webinar

Could you please tell me how many days can I use the trial version of Dashboard? Looks very useful for my SCCM infra. Also please let me know how to opt for dashboard after the trial period.First a huge thanks for all attending the webinar, as promised he are a list of the questions that we didn’t have time to answer during the webinar. Q: We already use Flexera for compliance. Is "Patching" included in it OR is it a separate module? A: Patching is integrated in the standard CSI solution. You can either patch using WSUS or integrate with [...]

By |2017-01-26T12:17:24+01:00januar 26th, 2017|Configuration Manager (SCCM), General info|Kommentarer lukket til Q&A from the Flexera & Coretech webinar

Create ConfigMgr Servicing Plans with Excel and PowerShell

Last week I posted one example how to create ConfigMgr Servicing Plans with PowerShell. In this post I will show you how to create Servicin Plans using Excel. Step 1 is to create a table like this If you have that table with necessary information or if needed you can add more data, then simply save it as a CSV file and import the data to PowerShell.   Here is one quick and simple example how to create these Servicing Plans based on a CSV file and if needed create the Device Collections as well. This example also assumes that [...]

By |2016-05-31T21:32:16+01:00maj 31st, 2016|Configuration Manager (SCCM)|Kommentarer lukket til Create ConfigMgr Servicing Plans with Excel and PowerShell

ConfigMgr cmdlets and Lazy properties

If you have worked with Configuration Manager before, then most probably you know that some of the WMI classes contain lazy properties. Microsoft cmdlets for ConfigMgr queries by default these lazy properties, for example If you query the same Device Collection directly through WMI, then you don’t see RefreshSchedule property value. If you need to query lazy properties, then you can use the .GET() method or [WMI] accelerator. Starting from 1604 cmdlets we have a new parameter called -FAST. Parameter FAST allows us to skip Lazy properties and this should make the queries much faster and should also lower the [...]

By |2016-05-26T17:43:26+01:00maj 26th, 2016|Configuration Manager (SCCM)|Kommentarer lukket til ConfigMgr cmdlets and Lazy properties

ConfigMgr Move-CMObject issue and one possible workaround

If you have been following me in twitter, then most likely you already know that the Move-CMObject cmdlet is broken in 1604 release. Here is one quick examples that shows the error message. Microsoft already knows this issue and hopefully they can fix it quickly but meanwhile we need to find a workaround or do something else: 1. Uninstall 1604 cmdlets and go back to older version 2. Replace Move-CMObject with your own custom function - http://cm12sdk.net/?p=1006 3. NEW! Use Invoke-CMWmiMethod   In this blog post I will show one example how to use Invoke-CMWmiMethod cmdlet. In this example Im [...]

By |2016-05-24T15:23:08+01:00maj 24th, 2016|Configuration Manager (SCCM)|Kommentarer lukket til ConfigMgr Move-CMObject issue and one possible workaround

ConfigMgr 1604 new cmdlets

Microsoft released a new set of command-lets for Configuration Manager and all these new cmdlets are also included in the ConfigMgr 1605 TP release. Here are all the new cmdlets: cmdlet Category Notes Get-CMWindowsServicingPlan Software Updates Windows 10 Servicing New-CMWindowsServicingPlan Software Updates Windows 10 Servicing Add-CMServiceConnectionPoint Infrastructure Set-CMServiceConnectionPoint Infrastructure Remove-CMServiceConnectionPoint Infrastructure Get-CMServiceConnectionPoint Infrastructure Remove-CMCertificateRegistrationPoint Infrastructure Set-CMCertificateRegistrationPoint Infrastructure Add-CMCertificateRegistrationPoint Infrastructure Get-CMCertificateRegistrationPoint Infrastructure Invoke-CMDeviceAction Resource Management Get-CMDeviceActionState Resource Management Add-CMIntuneSubscription MDM / Hybrid Set-CMIntuneSubscription MDM / Hybrid Get-CMIntuneSubscription MDM / Hybrid Remove-CMIntuneSubscription MDM / Hybrid Add-CMMdmEnrollmentManager MDM / Hybrid Remove-CMMdmEnrollmentManager MDM / Hybrid Get-CMMdmEnrollmentManager MDM / Hybrid New-CMApnsCertificateRequest MDM / Hybrid New-CMDepTokenRequest [...]

Conditional access with ConfigMgr+Intune and On-Premises Exchange

Conditional Access in either a Cloud-only or Hybrid scenario is a great way to control data by saying we do not allow you to access Corporate Email without enrolling the device to a Corporate MDM solution where Data Protection Policies will be applied. This is in my opinion the best compromise where we let the user be productive where they get the ability to access corporate data on any device, anywhere, where we at the same time have control over the device, forcing security and compliance policies, encrypting data, deploy (LoB) apps and las but not least have the ability [...]

Community Web page to help corporate users enroll their devices!

Guidence on how you can enroll your device and gain access to your corporate data and applications: This web page is created by the community for the community to help corporate users to efficiently enroll their devices into an Microsoft Enterprise Mobility Solution. Businesses can use this webpage as an How-To for their users and link it to their existing documentation. The site covers: Microsoft Windows 10 Devices Apple iOS Devices Google Android Devices Visit the page by going clickin here: www.enrollyourdevice.com Also check out the Microsoft EMS Resources App https://www.microsoft.com/store/apps/9nblggh6j3fq and YouTube page https://www.youtube.com/channel/UCbf6dOWcNhRgLHDEXJWqiNw for more information about Microsoft [...]

By |2016-04-04T15:03:56+01:00april 4th, 2016|Configuration Manager (SCCM), Enterprise Mobility Suite (EMS)|Kommentarer lukket til Community Web page to help corporate users enroll their devices!

OMS/EMS Seminar March 2016: Enterprise Mobility Suite Session Notes and slides

Hi First and foremost, thanks to all attendees for a great day on Wednesday. Lots of great questions and discussions and to all of you who is wondering what happened to my girlfriend’s phone – well I had to un-enroll it the morning after!  For those of you who are waiting for the EMS-book that Kent is writing together with Peter Daalmans, it is not to long until it is published so stay tuned! I will update this blog post with link to the book when it is out.. Download the slide deck: EMS Microsoft EMS Resources app is free and [...]

December 11: Microsoft Enterprise Mobility Suite (EMS) Resources at your fingertips

I know it's a pompous title, but that still the idea behind what I want to show next. As an IT-Pro I am used to staying up to date on the latest technology that I am working with. And with On-premises solutions like traditional ConfigMgr implementations, staying up to date is not too hard with a little bit of effort since new features and updates are not added daily as opposed to what is going on in the Cloud. Now for some time now I have been working with Cloud services like Microsoft Intune and eventually EMS after the suite [...]

Roll Out New Configuration Manager Distribution Point with PowerShell

Here is a quick example how to install new Configuration Manager Distribution Point with PowerShell. As you see we have many options to expand this script. We can install Windows Server features, reboot it remotely, install additional software etc. It all depends how you wanna install and configure it. #Import the Module Import-Module $env:SMS_ADMIN_UI_PATH.Replace("\bin\i386","\bin\configurationmanager.psd1") $SiteCode = Get-PSDrive -PSProvider CMSITE #Change the connection context Set-Location "$($SiteCode.Name):\" #New DP Information $DistributionPoint = 'DP01.4demo4.com' $SiteCode = 'PS1' # Test the connection to server     Test-Connection `         -ComputerName $DistributionPoint # OPTIONAL - Install Windows Server Roles and Features     Install-WindowsFeature `         -Name [...]

Troubleshooting: An error occurred when creating the WSUS Signing Certificate (Secunia)

Lately I have been doing some Secunia integrations with System Center 2012 R2: Configuration Manager (SCCM/ConfigMgr 2012). When you are setting up the connector between Secunia CSI and WSUS one of the first things the wizard is asking you to do is to Configure a WSUS Self-Signed Certificate, the WSUS signing certificate is required to create and install local packages. Without it, only packages from Microsoft Update will be installed. How-ever this time I got this error when trying to 'Automatically create and install certificate'  during the Connector Wizard: An error occurred when creating the WSUS Signing Certificate Now this [...]

By |2015-10-20T20:14:46+01:00oktober 20th, 2015|Configuration Manager (SCCM), Security|1 Kommentar

How to: Create custom SQL- based Reports in System Center 2012 R2: Configuration Manager

A customer asked me  for a “how-to” on how to Create reports in SCCM 2012, so why not share with everyone. This post is not intended to show how to write or design queries, but show you have to create  a report based on a SQL query you might already have. Even-though we are skipping how to write SQL Queries for know, this post is still going to be a bit long. Time for that cup of coffee! First some requirements: You need to have an SQL Server instance for SCCM with SQL Reporting Services running You need to have [...]

Upgrade System Center Configuration Manager Console with PowerShell

Since Service Pack 1 was released to SCCM 2012 R2 I have been upgraded several environments. A couple of customers wanted me to create a PowerShell script to uninstall existing ConfigMgr Console and install the new updated version with the latest cumulative updates and hotfixes. If you create a package to distribute it with SCCM make sure you point the Data source to the location of the Client installations files, Script, KB3084586-msp and kb3074857-msp. Installation command for the program will then be: PowerShell.exe -file "script.ps1". Remember to set PowerShell execution policy to "Bypass" under Client Settings. This will not affect [...]

By |2015-09-17T18:14:33+01:00september 17th, 2015|Configuration Manager (SCCM), General info, Powershell, Scripting & Development|Kommentarer lukket til Upgrade System Center Configuration Manager Console with PowerShell

Working with managed applications within Configuration Manager 2012 R2 SP1

First, let’s define a managed application. In essence it’s a special policy that enable you to control settings in the application or browser like data encryption, can the user save the document as a new file etc. To successfully deploy a managed application you need to mix the application deployment with an application management policy. Configuration Manager will automatically discover if the application can be managed and will show an additional page in the wizard when you create the deployment. It’s worth noting that not all applications can be managed. They have to have the Intune App SDK built-in or [...]

Change device ownership in Configuration Manager with PowerShell

All newly enrolled devices are enrolled as Personal Devices by default in Configuration Manager and we cant change the default behavior. If the Device Ownership is Company, then we can inventory all the installed applications and we can also do mandatory installations. If the Device Ownership is Personal, then we can inventory only applications that are installed through Company Portal. If your company policy is that all the devices must be company-owned, then you can use this script to query a specific collection devices and it will set the Device Ownership to Company. Import-Module $env:SMS_ADMIN_UI_PATH.Replace("\bin\i386","\bin\configurationmanager.psd1") $SiteCode = Get-PSDrive -PSProvider CMSITE [...]