How to Use SCCM Applications with AutoInstall

Introduction SCCM is a powerful tool that allows you to install operating systems and SCCM Applications with AutoInstall based on your company’s needs. During Operating System Deployment (OSD) you want the device to install everything the user needs based on their department or role. An useful tool in this scenario is to utilize SCCM's ability to install applications based on variables.In this post, I will show you how to find SCCM applications with autoinstall enabled in your environment. I will also show you how to enable this option in the console and how to use them with computer variables. It…

0 Comments
How to Export Drivers with Powershell

Introduction When you have a new computer model that you want to use with SCCM, there is a step that you always should do. You need to export drivers with PowerShell. I am talking about preparing SCCM with the drivers used for that specific computer model. New models might work with old drivers, but you should always have a package for the specific model. There are multiple sources of drivers, the most common are the manufacturer's website, but they don’t always work. Sometimes we need a specific driver, or the model doesn’t have a prepared package.If that is the case,…

0 Comments
Top Highlights in SCCM TP 1908

Introduction Microsoft released SCCM TP 1908 this week, and I will highlight the most important features in this post. Most features result from UserVoice feedback which is great for us, so don't forget to use the send feedback button! New Features Run Task Sequence with High Performance Power Plan There is a new option to run a task sequence using the power plan High Performance. This means you no longer have to configure it manually using command-line inside the TS. If the computer restarts this is reapplies the High Performance settings automatically. You can find the new property by choosing the TS and selecting…

0 Comments
How to Enable Windows Sandbox Using Powershell

Introduction Microsoft recently released Windows 10 1903 on MSDN and should release it on VLSC at any moment now. I will show you how to enable Windows Sandbox using Powershell and give you some suggestions on how to use it. Windows Sandbox is a feature in 1903 that allows you to create a sandbox container using virtualization technology. This container is running an instance of Windows 10 where you can install applications, browse the Internet, and test many things. Windows will immediately delete the container when you close the Windows Sandbox window, which means it is great for testing. This is…

0 Comments
9 Best New Features in SCCM 1902

Introduction Yesterday saw the release of SCCM 1902 and it seems to include a lot of useful features we have been waiting for. I'm mentioning most of the highlights here but you can go to the what's new page for a full list. 1902 will be generally available in about two weeks but If you want to try it out you can use the Enable Fast Ring script to get it today. Download it here. Search for devices using MAC address You can new add MAC Address as a criteria in the Device view. This means you don't have to…

0 Comments
Server Missing in Wsus Console

In this post I will explain how I solved my problem when I had a server missing in wsus console. I had just set up a new WSUS Server for a customer and deployed the GPO settings. The GPO contained the basic settings required to configure the clients, like servername, computer group and what update schedule to follow. Even though all settings were correct only some servers appeared in the console. After some thorough troubleshooting I was sure that the GPO settings were correct but I still had the same issue. I had a feeling that something was wrong when…

0 Comments
Configuring Local Administrator Password Solution (LAPS)

Introduction Local Administrator Password Solution (LAPS) is a technology from Microsoft that allows you secure the passwords for local administrators and store them in Active Directory, in a similar way to BitLocker recovery keys.This technology allows you to randomize a password for each computer you enable it on and to enforce complexity policies to make sure they stay secure. With all the new security features coming around lately you should definitely configure LAPS for Windows 10 to use it like a great supplement. Local administrator accounts has always been an issue to manage in large environments and especially when there are multiple…

0 Comments
How to Enable BitLocker on Existing Devices Using SCCM

All businesses want to protect their data to make sure it is safe from unauthorized users. A big part of this is to encrypt the disks of their devices using BitLocker. This can easily be done during OS installation for all new computers but it might be troublesome to enable BitLocker on existing devices. BitLocker can use multiple key information methods but in this case, I will focus on TPM. TPM is a hardware component that is installed by the manufacturer and can be used to ensure that the computers have not been tampered with while the computer was powered…

6 Comments
How to execute powershell.exe with script and parameters

Background I had some problems today powershell.exe and the syntax. My goal was to use an application that executes a script together with parameter to start an installation. This is how to execute powershell.exe properly using command prompt. What I tried to do I wanted to run Powershell.exe from the command line and supply it with arguments, a file and parameters. First I was trying to use something like this powershell.exe -ExecutionPolicy Bypass -File "Install-Application.ps1 -Mode Install" -WindowStyle Hidden -NoProfile I couldn't get this to work and the CM logs didn't tell me what the issue was. What the issue…

0 Comments
GPO Inaccessible, Empty or Disabled due to delegations

Introduction During a project a customer of mine found that a new policy didn't work as intented due to GPO inaccessible. The GPOs were verified multiple times and there was nothing wrong with either the settings, the scope or the security filtering. After some troubleshooting I found that gpresult /h indicated that the reason was beacuase GPO Inaccessible, Empty or Disabled. Issue Because of vulnerabilities in GPOs Microsoft implemented a design change in Security Update for Group Policy (3163622). The update changes how the policies are retrieved by using the computers security context instead of the users´. The reason for this…

0 Comments