Jump to content


All Activity

This stream auto-updates

  1. Today
  2. Last week
  3. hi, what was difficult about signing up to this site, please explain (in detail) so we can look into it, secondly, I assume you are talking about Autopilot for existing devices for your task sequence ? what version of Windows 10 are you testing with ?
  4. radish

    Strings

    (gwmi CIM_Chassis ).tag
  5. Hi Anyweb. First of all, thanks for all your guides and help. You've gotten me out of many issues. Second, signing up to post on this site was quite a pain. I've logged into bank accounts easier than this. Back to the topic at hand. Do you know if there is some sort of fix like this for a brand new image, not an OS upgrade? We have an autopilot task sequence that for part of our process, we would use Shift F10 after the image has completed and is at the OOBE screen in order to change the computer name before initial login. If we login before we change the computer name, it will never get the proper policy from Endpoint (InTune). Now that we can no longer use Shift F10, the computer never gets the proper policy and we are stuck. I looked to see if I could find any other Task Sequence variables such as OSDSetupAdditionalOptions and I also tested with OSDSetupAdditionalUpgradeOptions but it does not work. I'm currently testing a PowerShell script towards the end of the task sequence to change the name but if you have any suggestions or methods to enable Shift F10 or cmd prompt at OOBE screen, please let me know.
  6. Quinten

    Strings

    I have a string CIM_Chassis (CreationClassName = "CIM_DockingStation", Tag = "ABCD1234") How do I get just the ABCD1234 ? I have 2 equal signs and 2 sets of quotes and that is messing me up. Any help would be great.
  7. 1. Administration > Site configuration > Severs and site system Roles > Properties of the site system role 2. Administration > Site configuration > Severs and site system Roles > Software Update Point 3. Also check the same in WSUS console
  8. Earlier
  9. attach your cmupdate.log and we can take a look
  10. Hi all,Trying to update my SCCM from 2103 to 2107 but if failing on: Failed to apply update changes 0x87d20b15 tried to check my SQL server nothing spesialanyone can help?
  11. Hi, wanted to check with you on secondary site - msg queue taking most space in drive as below - , Please provide yur suggestion if server restart will help to resolve this issue - check with you on secondary site - msg queue taking most space in drive as below
  12. If you have experience with the Windows Admin Center, you might already have deduced it is a powerhouse of functionality making light of important server management tasks. If you’re just adding it to your system administrator toolbox, welcome to the wonder of Windows Admin Center! With so much functionality, figuring out where to focus is key. Whether you’re just setting out with Windows Admin Center or wanting to realize its full potential, start with Altaro’s free 160+ page second edition eBook, How To Get The Most Of The Windows Admin Center. Written by Microsoft Cloud & Datacenter Management MVP Eric Siron, it covers the latest developments like the Control Azure Stack HCI, use of WinRM over HTTPs and integration with Azure Monitor, amongst others. It’s a comprehensive guide on everything from installation methods and security considerations to integrating Windows Admin Center into an existing environment. There is even a brief history lesson along with a comparison to alternatives so you should get a solid overview of Windows Admin Center, why chose it and how to work with it. An all-new server management experience when it was introduced, Windows Admin Center modernized administrative activities with a centralized HTML 5 web application. Just add servers, clusters, desktops, and Azure virtual machines into a personalized, persistent interface, and manage their roles, features, software, registry, PKI certificates, and more. And with Microsoft’s latest investment into the Windows Admin Center and new functionality, there is now even more server management power to work with. Learn to simplify and optimize your server management tasks - Download your free eBook now!
  13. Use the application substitution rule, first do the uninstallation of the old version parameters or scripts, in the installation will first uninstall the old version before installing the new version
  14. We have a number of machines with a variety of different versions of Citrix Workspace installed. I'd like to get them all onto the latest version but wasn't sure on the best way to go about this. I have Applications created for installing versions 2108 and 2109 but nothing earlier. Is it advisable to uninstall previous versions before installing 2109 and, if so, how do you recommend I go about this? Many thanks Mick
  15. Running the OSD task sequence from the Software Center shows that it is being installed... Does anyone know what's going on? TSAgent.log Show these errors reply has no message header marker Failed to request policy assignments (Code 0x80004005) Error initializing policy environment variables. Code 0x80004005 Error LoadPolicyBasedEnvVars, return code 80004005 Error initializing Task Sequence environment. Code 0x80004005 Task sequence launcher deployment failed!. Code 0x80004005 Failed to open the task sequence key HKLM\Software\Microsoft\SMS\Task Sequence. Error code 0x80070002 CTSAgent::Execute - Failed to launch Task Sequence manager. execmgr.log smsts.log TSAgent.log
  16. For urgent requests, you should contact Microsoft paid support. Forums are for admin to help other admins.
  17. when i ran the content library cleanup, it fails each time as some package is not fully installed on DP. i have to remove the package for dp and try to run cleanup again.. could you suggest way to check for list of failed packages for DP and do cleanup @once without getting failed due package error...Need info urgently for this
  18. Introduction I previously posted a blog post showing you how your users can decommission their old domain joined PC using the Retire My PC app. I showed you how to create the app and deploy it via Software Center to your users' old computer. The reason why this app exists is to allow users to decommission their old PC when it suits them and not have to rely on onsite support staff or a third party service to secure company data stored on the old PC before it gets returned to the vendor or seller. This is achieved by ensuring the device is protected by Bitlocker and then deleting the Bitlocker protector from the TPM prior to shutting down the device. There is much more going on in the app, please see the list of original features below. stops the ConfigMgr client agent service (if one is running) stops the MBAM agent service (if one is running) rotates the BitLocker key (optional) WIPEs the BCD registry entries (optional) joins a workgroup clears the Bitlocker TPM protector adds a record of all this to Azure Tables emails the log to a support inbox In this blog post I'll show you how to deploy a newer, more secure version of the app via the Company Portal in Microsoft Endpoint Manager (Microsoft Intune) which can be used on Intune managed, Azure AD joined computers. This version of the app has some new abilities which are highlighted below. Available in Company Portal Allows the user to select the type of decommission (Recoverable or Secured) If the Recoverable option is selected, the Bitlocker protector is removed from the TPM. If a support technician or the end user has access to the recovery password info, they can enter it at the boot screen and therefore can boot back into Windows. If the Secured option is selected, not only is the Bitlocker protector removed from the TPM but the Bitlocker key is rotated and the new key is not uploaded to Azure AD, or ConfigMgr or MBAM. Therefore the admin and the end user will not have the recovery info needed to boot the computer. In addition, the BDE registry keys are completely wiped out, so even if they manage to get the rotated key (from the email sent to the configured support inbox, read the NOTE below) this would only allow file access, Windows will not boot. Regardless of which option the user chooses, the device will NOT boot into Windows after it's retired as it cannot due to the missing Bitlocker protector in the TPM, and this secures the PC from unwanted access. However, if the user selects cancel in the main UI, the detection method file is removed so they can reinstall the app on-demand via Company Portal. NOTE: You can also modify the script to not include the rotated recovery key information in the email making the device very secure indeed. If you do this, the device (and the data on it) can never be recovered as the rotated Bitlocker key is not stored anywhere. As this is so drastic, I've left this recovery info in the email. This email will never be seen by the end user and is sent to a shared help desk inbox. Once you are happy with the way things are going, you can optionally remove this info from the log to ensure company data is 100% secured on decommissioned devices. Before starting, please read the original Retire My PC blog post to get an understanding of how to set this all up. You can skip the creation of the app in ConfiMgr if you are using this in cloud only environments. Step 1. Get the scripts Note: You can only download these files when logged on to https://www.windows-noob.com Retire My PC.zip Download, unzip and extract the files. Step 2. Get ServiceUI.exe from MDT You'll need the ServiceUI.exe executable file to display user interfaces (UI) to end users when operating in SYSTEM context. To get the file, download and install MDT somewhere and navigate to C:\Program Files\Microsoft Deployment Toolkit\Templates\Distribution\Tools\x64. To download MDT click here. Copy the 64 bit version of ServiceUI.exe file to your extracted win32app_source folder so it looks like this. Step 3. Get the Win32 content prep tool Download the Win32 content prep tool from here. Copy the IntuneWinAppUtil.exe file to your Retire My PC source folder, it should look like this. Step 4. Modify the script Open the securewipe.ps1 script. Configure the $ToAddress and $FromAddress variables. Using your Sendgrid API key, paste your API key value (line 615 below). Add your httptrigger1 URL add your httptrigger2 url here If you want to completely remove the rotated key from the email, rem out the following lines marked in yellow Save the changes to the script. save your changes. Step 5. Create the Intunewin package Open a command prompt and browse to the reset-windows folder structure. Launch the IntuneWinAppUtil.exe file and answer the following. Please specify the source folder: win32app_source Please specify the setup file: securewipe.ps1 Please specify the output folder: win32app_target Do you want to specify catalog folder (Y/N)? n as shown here. After doing that you'll have the securewipe.intunewin file in the win32app_target folder. Step 6. Create the Win32 app in Endpoint Manager Log into https://endpoint.microsoft.com and add a new Win32 App. Below are some screenshots showing how I've configured the app. For Select app type, select Windows app (Win32) from the drop down menu Click on Select app package file and point it to the securewipe.intunewin file in the win32app_target folder. fill in some info about the app for the logo, click on Select image and point it here... fill in the install commands fill in the requirements and the detection rules.. finally deploy it to your users that should be retiring old pc's... and save the app. This is what the end user will see after launching the app from the Company Portal once they make their selections and clicking OK clicking OK to this warning will start the process and some seconds later the device will no longer be able to boot. The recovery key data stored in Microsoft Endpoint Manager will not contain the latest rotated key from the device if the user selected the <Secured> option. The only place you'll find the recovery key data, is in the email sent to the shared help desk inbox if you optionally decided to include that info. The app logs to C:\Users\<USERNAME>\AppData\Local\Temp\win.ap.securewipe.log and this log file is emailed to your shared help desk email inbox. Job done !
  19. I created an offline media of the Windows 20H2, where I have two Windows version options, I'll call version A and version B Version A: is a standard task sequence, which disables the bitlocker, partitions the disk, installs install.wim, installs the configuration manager, restarts, then adds 3 programs, which are: 7Zip, Adobe and Notepad++, and finishes Version B: identical to version A, but without 7zip. The most bizarre thing is that in version B, everything works without a problem. But in version A, at the end of the Task Sequence (NOTE: I use TSBackground, but that's not the problem, otherwise it would affect both versions) the success screen appears, and I click the Finish button, and then I go to a screen blue (not the BSOD) saying: "Sign-in process initialization failure, Interactive logon process initialization has failed. Please consult the event log for more details." How is this possible if the difference between them is just 7zip? This screen does not corrupt the system, it only appears once, restarts, and I can log in again without any problems, and 7Zip is still there without any problem, and consulting the smsts.log, 7Zip is terminated with Exit Code 0. This error does not interfere with nothing, but it bothers me a lot, even more that I will distribute this system to more than 2,000 machines, everyone will have doubts about this screen, and this is not pleasant to leave showing. I googled it, but it seems that it happens when it really corrupts the system, in my case it doesn't, it shows up once, but I wanted to understand why the hell it shows up because of a 7Zip (already tested it with msi version, exe, old version, version new, and etc and with no result, I tried to put another program in place, like CCleaner for example and it causes the same result) I created an offline media, where I have two Windows version options, I'll call version A and version B Version A: is a standard task sequence, which disables the bitlocker, partitions the disk, installs install.wim, installs the configuration manager, restarts, then adds 3 programs, which are: 7Zip, Adobe and Notepad++, and finishes Version B: identical to version A, but without 7zip. The most bizarre thing is that in version B, everything works without a problem. But in version A, at the end of the Task Sequence (NOTE: I use TSBackground, but that's not the problem, otherwise it would affect both versions) the success screen appears, and I click the Finish button, and then I go to a screen blue (not the BSOD) saying: "Sign-in process initialization failure, Interactive logon process initialization has failed. Please consult the event log for more details." How is this possible if the difference between them is just 7zip? This screen does not corrupt the system, it only appears once, restarts, and I can log in again without any problems, and 7Zip is still there without any problem, and consulting the smsts.log, 7Zip is terminated with Exit Code 0. This error does not interfere with nothing, but it bothers me a lot, even more that I will distribute this system to more than 2,000 machines, everyone will have doubts about this screen, and this is not pleasant to leave showing. I googled it, but it seems that it happens when it really corrupts the system, in my case it doesn't, it shows up once, but I wanted to understand why the hell it shows up because of a 7Zip (already tested it with msi version, exe, old version, version new, and etc and with no result, I tried to put another program in place, like CCleaner for example and it causes the same result) (Note, the 2004 version I've never seen this happen and it's the same Task Sequence, I just changed install.wim to the new 20H2 version)
  20. In the company I work for, there are situations where internet access is very bad, so we deploy the image using offline media (putting the USB on the computer and installing the image from there). And there are also regions where it is difficult for us to hire temporary analysts to make some demands.So I thought of an alternative to prevent our analysts who are on the users' end from always deploying when the computer has startup problems.I was wondering if it could work like this:1- The installation is performed normally, but in the part of creating the partitions, if you create a partition with a predefined size like 10GB for example or use the size of "install.wim" as size reference, and that this partition was hidden for that the end user does not see its existence. After that the Task Sequence continues normally performing the install.wim installation, applying customizations, installing programs and running scripts and so on.2- At the end of the Task Sequence, a clone of the partition where install.wim was installed (C:\ normally) was performed to this hidden partition, creating a backup.wim for example, and here is the part where I don't know what to think , the idea I had is to create a custom boot.wim where it would be possible to clean the C:\ partition (which would be having problems in the future) and extract this backup.wim to the C:\ disk (Similar to Dell Assist Image) and point in the BCD file so there is a second boot menu that would be this custom boot.wim. What I don't know is how this boot.wim would be built, it would only be customized with .bat batch files, or a SCCM boot.wim that loads 5 task sequence only, where 1 would erase C:\ 2 partitions - Recreate the partitions again, 3 extract the backup.wim there. 4- Configure the BCD but without removing the second menu which would be the recovery boot.wim, and 5- restart the computer and work normally.I know it's extremely complex, but I need to think outside the box to save financial resources and this idea would be very well received in the company, because that way, just a phone call to the user and in a few seconds giving correct instructions, he would be able to recreate your image again with all applications and customizations without a USB or any device to do this.
  21. I apologize for the delay. I made some adjustments and managed to make it work, thank you very much!
  22. In a task sequence, would this be applied before or after the "Apply Operating System Image" ?
  23. Hello, I had a question on PowerShell Version: 5.1.19041.1023 If you look at the attached screenshot you'll see what I'm curious about. I run this command in PowerShell ISE: Get-CimInstance -ClassName win32_computersystem -Property * | Get-Member -MemberType Method You see what it displays in the display window. But when I run WEBMTEST and I choose OPEN CLASS and then Win32_ComputerSystem you'll notice the METHODS don't match what you see in the ISE command. My question is why? Thank you.
  24. Why are you not using the Robo copy command as the command line, aka why wrap it is a vbs?
  1. Load more activity
×
×
  • Create New...