All Activity
- Earlier
- 
	Clearing cache during OSD?
	Rossm replied to joeman1881's question in Deploying Windows 10, Windows 8.1, Windows 7 and more...
	Each application install within the task sequence has a button to delete its cache after the install. It's at the bottom: "Clear application content from cache after installing". Not good for self-repair apps like VLC. I know this is a 10-year-old thread, but it's the top result on Google, so leaving it for others.
- 
	Dear Team, I have to create 2 application programs for 1 package. One is Update and the other is Standalone Installation. The issue: if I add a new device to the update collection, the program installs, but in Software Center it says "Overdue - being installed". Application Deployment. Software Center. For this reason I have to create a new device collection again. Detection Method - for Update. Detection Method - for Standalone is the same as the one I created for Update. Can anyone help? Is there any alternative way to create this in 1 application package instead of 2 deployments?
- 
	New PowerShell Based SCCM OSD Frontend
	Abnrangerx67 replied to taylorblakeharris's question in Frontends, HTA's and Web Services
	So far I got this to work outside of the TS, in regards to the GUI popping up and all the controls doing what they need to do. Next step is seeing how it works in the TS itself. I added things like domain join, auto-generating computer names if a custom one is not typed in the textbox, etc. The only challenge, and not a big deal, is getting the image to show after the import. I tried the base64 approach but no bueno. I will provide an update and share my challenges and workarounds. One key tip, if not already figured out: make sure to put your GUI/frontend step AFTER the drive partitioning step if using this as a package.
- 
	Introduction

	Ever wished you could spin up a Cloud PC not just for your employees, but for contractors, partners, or even external collaborators? Good news: External Identity (preview) support in Entra ID now makes that possible. You can invite external users into your tenant and give them access to Cloud PCs, extending the same secure, managed experience your internal users already enjoy.

	Of course, there are a few strings attached. Before deploying Cloud PCs to outside identities, you need to be aware of a number of significant requirements and limitations so that everything runs smoothly. In this blog post, my good friend Paul Winstanley and I take a look at what you need to be aware of and how to set up and access a Cloud PC.

	Requirements

	- The Cloud PC must be running Windows 11 Enterprise with the 2025-09 Cumulative Updates for Windows 11, version 24H2 (KB5065789) or later installed.
	- The Cloud PC must be Entra only joined; hybrid is not supported.
	- Single sign-on must be enabled in the provisioning policy.
	- Connection to the Cloud PC must be via the Windows App or browser.

	Limitations

	- User-based Intune device configuration profiles will not be applied to the external user’s Cloud PC. Ensure you target the profiles to devices.
	- Windows 365 Enterprise, Business, and Frontline are supported; Windows 365 Government is not.
	- Cross-cloud users are not supported, i.e. you can’t invite users from Microsoft Azure Government or Microsoft Azure operated by 21Vianet.
	- Be aware of the token limitations for external identities: https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-token-protection#known-limitations
	- Authentication to on-premises resources with Kerberos or NTLM is not supported for external identities.

	Assigning the Windows 365 licence

	Assigning the licence should be a simple case of heading over to the Microsoft 365 admin center, navigating to Billing | Licenses and selecting the required Windows 365 subscription.
	When selected, we clicked Assign licenses and chose the guest user, in our case Niall’s guest account in Paul’s tenant. When finished we clicked Assign licenses.

	In our tenant, we received the following error message: ‘Failed to assign license for Niall Brady: Cannot process request because a referenced item has an invalid usage location.’ You may not receive this error, in which case you will not have to perform the fix.

	To fix this, we went to the Entra admin center and clicked on Users. We located Niall’s guest account and clicked Edit properties. Under the Settings menu, we clicked the Usage location drop-down and selected a location for his account, then clicked Save. After a short period of time, we were able to assign a licence to Niall’s account with no issue.

	Provisioning the Cloud PC for the External Identity

	Back in the Intune admin center, under Devices | Device onboarding | Windows 365 | All Cloud PCs there should be a Not provisioned Cloud PC. It reports as Not provisioned because the user has not been assigned a provisioning policy. To resolve this we can either create a provisioning policy and assign it, or use an existing policy, so long as single sign-on is enabled and the Cloud PC is running the 2025-09 Cumulative Updates for Windows 11, version 24H2 (KB5065789) or later. If using an existing policy, take a look at the assignment to ensure that Niall’s account is targeted.

	We decided to create a new provisioning policy using the new 25H2 release of Windows 11. We navigated to Devices | Device onboarding | Windows 365 | Provisioning policies in our tenant and clicked Create policy. As mentioned, ensure Use Microsoft Entra single sign-on is enabled and Microsoft Entra Join is selected for Join type, as hybrid is not supported. We selected the Windows 11 Enterprise + Microsoft 365 Apps 25H2 gallery image to ensure that we met the O/S requirements. When assigning the policy, we targeted a group called Windows 365 External Identities.
	After completing the provisioning policy wizard, the policy was visible. Next, we simply added Niall’s guest account to the Windows 365 External Identities group. We navigated to Groups, searched for the group and added his account. Back in All Cloud PCs, a Cloud PC now reported a Status of Provisioning. After a period of time, the Cloud PC reported as Provisioned.

	Accessing the Cloud PC

	The Cloud PC can be accessed via the Windows App or a web browser; however, before attempting access, the following registry key needs to be created on the host device.

	Key: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsApp\Flights
	DWORD: EnableIdSignInUx
	Value: 0

	There are slight variations between accessing via the app and via the browser, so let’s take a look at both. Also, thanks to our MVP friend Sune Thomsen for providing the details that steered us in the right direction to make this work!

	Windows App

	The user must be authenticated in the Windows App. They need to click their account profile picture on the top right of the application and click Sign in with another account. If the registry key has been entered, then the following Sign in window will be displayed. Note that Sign-in options is available. This would not be displayed if the registry key were not present. Click Sign-in options.

	The next step is to click the Sign in to an organization option and enter the domain of the organization hosting the Windows 365 Cloud PC. In our case, sccmsolutions.co.uk. Now, the guest account must authenticate in the tenant using their account credentials, and respond to any multi-factor authentication or other prompts. When authentication is complete, the user will be presented with their Cloud PC in the Windows App. The user is able to switch between organizations by clicking their account profile and selecting accordingly.

	Web Browser

	When navigating to windows365.microsoft.com, the user will authenticate with their account.
	Then, in the top right-hand corner of the web page, the user clicks their profile and chooses Sign in with another account. Now, choose Use another account. The user will then have the Sign-in options available to select (if the reg key is present on the device). After selecting Sign-in options, choose Sign in to an organization. As with the Windows App, they enter the domain name of the organization hosting the Windows 365 Cloud PC and authenticate with their user account. Finally, the user will be presented with the provisioned Cloud PC in the web browser.

	Using either the Windows App or the web browser to log on to the Cloud PC will allow the guest account access to the device, where previously they would have needed an account created in that tenant to have a Cloud PC assigned. As we can see, Niall’s account is accessing CPC-niall-ZMTAD in the sccmsolutions tenant.

	This is a hotly awaited addition to Windows 365 Cloud PC features. We look forward to using this feature with our customers. We hope that the registry key requirement is soon removed and added as part of the installation of the Windows App, as this will help reduce the steps required for onboarding guest accounts.

	See you next time.
- 
	Introduction

	In a previous post we took a look at how you can determine the health of the Windows app and you can read about that here. Please read it to understand the new feature and why this blog post improves things from an admin perspective. In this blog post my good friend Paul Winstanley and I take a look at yet another Windows 365 related ability: an Intune remediation solution called Windows App Health Check Log Reader.

	Note: This remediation solution is not supported by Microsoft.

	If your Windows app detects a health issue, it’s logged in the following log file:

	C:\Users\<USERNAME>\AppData\Local\Temp\DiagOutputDir\Windows365\logs\health_checks.log

	But that log file is on the device hosting the Windows app used to connect to your Windows 365 Cloud PCs, and that requires remote access by an admin or some other way of grabbing the log to determine the issue. In this blog post we take a look at a remediation solution which does just that: it looks at the Windows devices that you target, determines if they have the Windows app installed and if that app matches a minimum version (needed for health checks), and parses the health_checks.log file to see if there were any recent errors reported. If so, based on the cadence you select, it will copy that log to the root of your Intune logs folder, which is located at the following path:

	C:\ProgramData\Microsoft\IntuneManagementExtension\Logs

	Doing this allows you to grab the logs via the Intune console’s collect diagnostics ability. So let’s take a look at how it works.

	Get the scripts

	Head over to GitHub and download the 2 scripts here. They’ve changed a bit lately based on feedback we submitted, so do check regularly for updates. Once you’ve downloaded the scripts, extract them somewhere useful.

	Create the remediation

	In Microsoft Intune, create a remediation solution using these 2 scripts. On the Settings page, point it to the 2 scripts as appropriate.
	Once done, assign it to some devices on which you want to monitor the health of the Windows app. We used an Entra ID group containing some devices with and without the Windows app installed, and we set a cadence of every hour to see the results quickly; in production you’ll probably want to set that to run once a day.

	Analyzing the results

	After the remediation has run for some time, you can analyze the data it created by clicking on Device status in the remediation. In here we can see that most devices are without issues (good), but one device reports a detection status of With issues and it has recurred.

	Back in the Intune console, locate the device highlighted with issues, and click on the Collect diagnostics button. Answer Yes when prompted. After some time those log files will be captured and you’ll see the status has changed. Click on Device diagnostics to download those files, by clicking the three dots and then selecting download.

	Within the extracted ZIP file, locate the (67) FoldersFiles ProgramData_Microsoft_IntuneManagementExtension_Logs folder and you’ll see the health_checks.log file. Open that file in CMTrace to review the issue.

	That’s a result! With this new remediation solution, you (as an Intune admin) can automate the copying of the health_checks.log file to a location that is easy to grab remotely without needing to bother the end user or use remote access to their PC. Awesome.

	See you in the next one!
- 
	Pdf24 Creator 9.2.1 to Pdf24 Creator 11.28.2

	Dear Team, I have an upgrade issue from Pdfcreator24_9.2.1x86.msi to pdfcreator24_11.28.2.x86.msi. I am able to uninstall Pdfcreator24_9.2.1x86.msi but it is not installing pdfcreator24_11.28.2.x86.msi. I have tried various tests and could not find out why it is not installing.

	*pdf24-creator-9.2.1.msi (PDFCreator24_9.2.1_x86.msi)

	install-pdf24.bat

	msiexec /i "pdf24-creator-9.2.1.msi" UPDATEMODE=2 REGISTERREADER=No FAXPRINTER=No DESKTOPICONS=No PROGRAMMENU=No AUTOUPDATE=No /qn
	regedit.exe /s pdf24.reg

	pdf24.reg

	Windows Registry Editor Version 5.00

	[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\PDFPrint]
	"InstallDir"="C:\\Program Files (x86)\\PDF24\\"
	"Label"="pdf24"
	"Installer"="msi"
	"UpdateCheckUrl"=""
	"UpdateInfoURL"=""
	"UpdateMode"=dword:00000002
	"CreatorID"="pdf24"
	"LogoClickUrl"=""
	"CreatorName"="pdf24.org"
	"CreatorEmail"="team@pdf24.org"
	"Language"="German"
	"assistant.closeAfterSave"=dword:00000001
	"assistant.closeAfterEmail"=dword:00000001
	"assistant.openPDFAfterSave"=dword:00000000
	"assistant.mailNamePrompt"=dword:00000001
	"assistant.joinFilesUseFirstName"=dword:00000000
	"assistant.fixedSaveDir"=""
	"NoTrayIcon"=dword:00000000
	"NoShellContextMenuExtension"=dword:00000000
	"NoShellFileContextMenuExtension"=dword:00000000
	"NoShellDirectoryContextMenuExtension"=dword:00000000
	"NoShellBackgroundContextMenuExtension"=dword:00000000
	"EmailInterface"="mapi"
	"!NoCloudPrint"=dword:00000001
	"NoEmbeddedBrowser"=dword:00000000
	"NoPDF24MailInterface"=dword:00000000
	"NoTwainImport"=dword:00000000
	"NoScreenCapture"=dword:00000000
	"NoMail"=dword:00000000
	"NoDelayedToForegroundOnNewFile"=dword:00000000
	"NoOCR"=dword:00000000
	"DeletePrintJobsWithError"=dword:00000000
	"!NoOnlineConverter"=dword:00000001
	"!NoOnlinePdfTools"=dword:00000001
	"NoOnlineConverter"=dword:00000001
	"NoOnlinePdfTools"=dword:00000001
	"!NoFax"=dword:00000001
	"!NoFaxProfile"=dword:00000001

	*pdf24-creator-11.28.2-x86.msi

	install-pdf24.bat

	msiexec /i "%~dp0pdf24-creator-11.28.2-x86.msi" UPDATEMODE=2 REGISTERREADER=No FAXPRINTER=No DESKTOPICONS=No PROGRAMMENU=No AUTOUPDATE=No /qn
	regedit.exe /s "%~dp0pdf24_11_28_2.reg"

	pdf24_11_28_2.reg

	Windows Registry Editor Version 5.00

	[HKEY_LOCAL_MACHINE\SOFTWARE\PDF24]
	"InstallDir"="C:\\Program Files\\PDF24\\"
	"Label"="pdf24"
	"Installer"="msi"
	"UpdateMode"=dword:00000002
	"CreatorID"="pdf24"
	"LogoClickUrl"=""
	"CreatorName"="pdf24.org"
	"CreatorEmail"="team@pdf24.org"
	"InstallationID"="3A971FE0-47D1-45BF-878C-9C7CCFF3C201"
	"Language"="German"
	"assistant.closeAfterSave"=dword:00000001
	"assistant.closeAfterEmail"=dword:00000001
	"assistant.openPDFAfterSave"=dword:00000000
	"assistant.mailNamePrompt"=dword:00000001
	"assistant.joinFilesUseFirstName"=dword:00000000
	"assistant.fixedSaveDir"=""
	"NoTrayIcon"=dword:00000000
	"NoShellContextMenuExtension"=dword:00000000
	"NoShellFileContextMenuExtension"=dword:00000000
	"NoShellDirectoryContextMenuExtension"=dword:00000000
	"NoShellBackgroundContextMenuExtension"=dword:00000000
	"EmailInterface"="mapi"
	"!NoOnlineConverter"=dword:00000001
	"!NoOnlinePdfTools"=dword:00000001
	"NoEmbeddedBrowser"=dword:00000000
	"NoPDF24MailInterface"=dword:00000000
	"NoTwainImport"=dword:00000000
	"NoScreenCapture"=dword:00000000
	"!NoFax"=dword:00000001
	"!NoFaxProfile"=dword:00000001
	"NoMail"=dword:00000000
	"NoDelayedToForegroundOnNewFile"=dword:00000000
	"NoOCR"=dword:00000000
	"DeletePrintJobsWithError"=dword:00000000
	"Img2PDFPassThroughJPG"=dword:00000001
	"Img2PDFOptForA4"=dword:00000001
	"Img2PDFJPEGQuality"=dword:00000064
	"Img2PDFDPI"=dword:00000090

	[HKEY_LOCAL_MACHINE\SOFTWARE\PDF24\Services]

	[HKEY_LOCAL_MACHINE\SOFTWARE\PDF24\Services\PDF]
	"Port"="\\\\.\\pipe\\PDFPrint"
	"Handler"="assistant"
	"ShellCmd"=""
	"LoadInCreatorIfOpen"=dword:00000001
	"FilenameErasements"="Microsoft Word - Microsoft PowerPoint - Microsoft Excel - Visio- - Editor"
	"NoUserOverride"=dword:00000000
	"AutoSaveOpenDir"=dword:00000001
	"AutoSaveShowProgress"=dword:00000001
	"AutoSaveUseFileCmd"=dword:00000000
	"AutoSaveOverwriteFile"=dword:00000000
	"AutoSaveUseFileChooser"=dword:00000000
	"AutoSaveFilename"="%Y-%m-%d %H-%M-%S $fileName"
	"AutoSaveProfile"="default/good"
	"AutoSaveFileCmd"=""
	"AutoSaveUseUser"=dword:00000000
	"AutoSaveUser"=""
	"AutoSaveAsService"=dword:00000000

	Software Center Error Logs: App Discover APPEnforcement

	Please note: it is uninstalling the old version 9.2.1; after that nothing happens. When I try to run install-pdf24.bat (pdf24-creator-11.28.2-x86.msi) manually, it installs. Can you please help?
- 
	please try again, the link only works for logged on users and now you are logged on
- 
	New PowerShell Based SCCM OSD Frontend
	mmck replied to taylorblakeharris's question in Frontends, HTA's and Web Services
	Hi, can you share the script and details please for this? Thanks, McK
- 
	Hi there, I am looking into your post from 2016 about creating an engineer front end to use in a task sequence to allow the build engineer to input certain details for the machine being built. When I click the link to see the code or more details it says not available. Are you able to share this with me please? Thanks, Robert
- 
	Need Suggestions for Microsoft Azure AI Engineer Associate Certification
	Allan Walker replied to Danial's topic in Azure
	I saw your post about preparing for the AI-102 exam. Like you, I’ve found AI-102 practice questions very helpful in reinforcing concepts. But I agree with commenters who warn against relying solely on dump sites; they may be illegal or inaccurate. In my own preparation, I combined practice from reputable platforms (including <DONT SPAM HERE>) with official Microsoft Learn modules, documentation, and hands-on labs. The practice questions helped me identify weak spots and gain speed, while official resources ensured I understood the fundamentals properly. My suggestion is to use <DONT SPAM HERE> as a supplement, not a crutch. Focus mainly on trusted sources, build projects, and test yourself under timed conditions. That balanced approach gave me more confidence as I entered AI-102.
- 
	Chris Payne started following SCCM Content Library Cleanup
- 
	I am having the same issue. When I run the log command all I get is the following "Because this distribution point is co-located with its site server, packages may correctly exist in the content library that are not distributed to the distribution point. Package deletion has been disabled.". We have one MECM server that also hosts the DP. Any suggestions would be great. Thanks
- 
	Introduction

	Microsoft has just pushed out yet another new feature for Windows 365 and Azure Virtual Desktop environments, called health checks. My good friend Paul Winstanley and I took a look at the new feature and wanted to share our thoughts with you. We looked at the new functionality of the Windows app on Windows devices, but this new feature is available via the Windows app on the following platforms:

	- Windows: version 2.0.703.0 or later
	- macOS: version 11.1.8 or later
	- iOS: version 11.1.7 or later
	- Android: version 11.0.0.46 or later

	What are health checks?

	Good question. Think of it as a way for the Windows app to carry out a series of checks to verify that everything is in place to ensure that you have a consistently good connection to your Cloud PC and, if something is not right, to report the problem to you via the app and via logs. These checks happen if it detects a network change, or can be triggered manually by the end user, or automatically when the Windows App itself starts or when the user makes a connection to a resource such as a Cloud PC or Cloud App.

	Let’s take a look

	In the current version of the Windows app (2.0.704.0 at the time of writing), the health checks ability has been added. Please note that it is gradually rolling out to all regions, so if you have updated your Windows app and still don’t see the health symbol, don’t panic, it’s on its way. To verify which version of the Windows app you are running, see here.

	Before the feature rolls out, your Windows app will look something like this. After the health check feature is enabled for your region, the Windows app will appear something like this; notice the new heart-shaped icon on the left menu, highlighted with a green arrow. Clicking it brings up some information on the right side of the Windows app detailing the health of your connection.
	In there you can see the computer name, what it determines to be the state of the system, the date and time of the check and the result of the check, in this case Everything looks good. You can also manually check the health by clicking Check again, which will kick off the health checks, or click on Open log to see a log file containing what it has checked and the results of that check. Below is what the log file content looks like when everything is OK.

	The health_checks.log file location on Windows devices is:

	C:\Users\<USERNAME>\AppData\Local\Temp\DiagOutputDir\Windows365\logs\health_checks.log

	You can also click on See all health checks to expand a list of what is checked. That’s all fine when everything is working, but what about when you have an actual problem?

	Detecting network issues

	If something is detected to be not working, such as a failure to reach a required endpoint, then the Windows app will alert you with a banner, and the Health Check icon will have a red dot to signify something is wrong. These changes to the Windows App appearance happen if a network change is detected. Clicking on the health check icon itself, or clicking the Check device health warning button, will allow you to check and reveal what the problem is. At this point you have many options:

	- Check again
	- Open log
	- See all health checks
	- Open network settings

	Clicking on See all health checks in this example reveals that the network connection is disconnected. And as mentioned above, that was detected when a network change was detected, as is revealed in the log file by clicking on Open log. Clicking on Check again in this failed state reveals (in the log) that this was a user-initiated check. After you’ve sourced the root of the problem (in this case the router was turned off to simulate a network failure) and resolved it, the log reveals that there was another network change, and this time all is good.
	So there you have it, automated and manual health checks are now possible using the new feature in the Windows app.

	More info

	You can get more info about the new feature from Microsoft below:

	- Run health checks to detect issues with Windows App connections – Windows App | Microsoft Learn
	- https://techcommunity.microsoft.com/blog/windows-itpro-blog/enhancing-azure-virtual-desktop-and-windows-365-experience-with-health-checks/4446612

	Summary

	The new health checks feature is a very welcome addition to the Windows app, as more and more companies have complex environments that contain proxies, SSL inspection and network sniffers that can interrupt or block the necessary traffic routes. The health check feature highlights when there is a problem with one or more of these endpoints, and alerts the end user with a popup. The admin in turn can utilize the health check log to get more info about exactly what is failing. Thanks to Microsoft for the feature, and in particular thanks to the very helpful PM, Pavithra Thiruvengadam.
- 
	Introduction

	A new feature for Windows 365, now in preview, is Windows 365 Cloud Apps. Instead of giving users a full remote desktop session, Windows 365 Cloud Apps are published as individual applications that run on a Cloud PC but look and behave like they are installed locally on the device. If you are familiar with Remote Apps, first introduced in Windows Server 2008 as part of Remote Desktop Services, then you will have an understanding of how these operate.

	When Windows 365 Cloud Apps are published, you will be able to load up that individual application, and if any interaction with another application is required, then that application will also fire up, even if it has not been published to the user.

	Note that Windows 365 Cloud Apps are only available to you with a Windows 365 Frontline subscription.

	My good friend Paul Winstanley and I sat down to test run this new Windows 365 feature. It is nice and simple to set up, so follow along.

	Create the Windows 365 Cloud Apps Provisioning Policy

	The first step is to create a provisioning policy for the Windows 365 Cloud Apps. This is done in the usual place for Windows 365 provisioning: Devices | Device onboarding | Windows 365 | Provisioning Policies | Create Policy. You will notice a new Experience section in the policy wizard; here you will need to select Access only apps which run on a Cloud PC (preview), as the selection defaults to Access a full Cloud PC desktop.

	When you select the Access only apps which run on a Cloud PC (preview) option, Frontline will be automatically selected for License type and Frontline type will be Shared. All other options are greyed out as they are not applicable to Windows 365 Cloud Apps, as mentioned earlier. Enter any other relevant information for join type, geography, region and SSO before proceeding through the wizard.
	The selection of the Image type is crucial for Windows 365 Cloud Apps, as the solution will make available any discoverable applications in the device’s Start menu (Appx and MSIX are currently not supported discoverable app types, therefore Teams is not available at this stage). You can import a custom image to take advantage of other applications which are not included in the Microsoft Gallery images. Clicking the View link for Apps available on the image will display a list of the Cloud Apps that will be available to you when the device is provisioned.

	When assigning the policy, you will need to select the Frontline Cloud PC size from your Available Cloud PCs drop-down, create an Assignment name and choose the Number of Cloud PCs; this number will reflect the number of licenses that you have available to use.

	After you create your policy, the Frontline Shared device which will host the Cloud Apps will begin provisioning. You can view this under All Cloud PCs. Give the device some time to provision, and once completed it will report as such.

	Publishing some Cloud Apps

	Whilst clicking through the menu system, you may have noticed a new All Cloud Apps option; this is where we need to go to publish the discovered apps, making them available to the assigned users. We can see that 32 items were discovered from the image we selected and their App status is currently set to Ready to publish.

	Simply select the apps you want to publish and click Publish. Confirm your choice to Publish the apps. The App status will change to Publishing and will, very quickly, become Published.

	You now have the option to Unpublish apps. The process is identical. Select the apps you want to remove and click Unpublish. Confirm to remove them. The App status will revert to Ready to publish.

	How to access the Windows 365 Cloud Apps

	Windows App is the place to go to access your Windows 365 Cloud Apps.
	Prior to publishing apps to the users, the application will display any device-based Cloud PCs the user has access to. With apps assigned, a new option, Apps, appears. Look out for it, as it’s a subtle addition and you could miss it initially. Clicking on Apps will display the published apps that you have made available. You can make an app a Favorite by clicking the ellipsis.

	When launching an app, a RemoteApp connection to the Frontline device will initiate, and you may be prompted to authenticate along the way and to Allow remote desktop connection, depending on the policies assigned to you. If this is the first time connecting to the Cloud App, it will take a little longer to load up. You can click Configuring remote session to see that Windows is being prepared.

	You can identify the Cloud App from the icon on the Windows task bar; there is a Windows App logo in the top right-hand corner of the icon. Once launched, you will feel as if the application is running locally on your device. Pretty cool!

	Things to note

	- To remove Cloud Apps from the All Cloud Apps view, you will need to delete the assignment of the provisioning policy.
	- Since Cloud Apps run as Frontline Shared, the management of them is identical to management of a Frontline Shared Cloud PC, so be aware of any max connection limitations due to licencing.
	- You can utilise policies assigned to Frontline devices, such as redirection. These will apply to Cloud Apps.
	- When using a custom image, Windows 365 Cloud Apps will use a PowerShell script to scan the Start Menu for apps, so ensure that your tenant policies do not require extra authentication for PowerShell scripts to achieve this.
	- Currently only apps discovered in the Start Menu are available. Microsoft are developing the ability to publish apps that are installed by Intune and are included in the Autopilot Device Preparation Policy associated with the Cloud App provisioning policy.

	We hope this blog post gives you a taster of this great new feature.
- 
	New PowerShell Based SCCM OSD Frontend
	Abnrangerx67 replied to taylorblakeharris's question in Frontends, HTA's and Web Services
	Hi, love it so far, and will be giving it a try. We currently use the UDI from MDT, and with MDT going away, it is time for something new. In the interim, I built a new package using the scripts from MDT, then I download the package to a central location on the device during OSD, then just use command line steps to run the same commands to the scripts that MDT was using. So far it works great, but now that VB scripts are being deprecated, it is time for another switch, ugh. Which put me on the search and led me to your option. I am mediocre when it comes to programming, but I was able to leverage a PowerShell script to handle some of the logic, such as if the tech checked the box for LTSC, then another GUI would show, but only gave the option to image a specific device type based on its function. I will try to incorporate some of what I have into yours and see how it goes. One other thing I do is use a device name generator built with PowerShell that pulls the last 5 of the serial, then appends based on the location the device belongs to; it also checks AD to make sure the device does not already exist. I have built some WPF with PowerShell, so I understand some of the coding. I just downloaded VSCode, so I am taking the plunge to learn this on the fly. I hope I can ping you for ideas or solutions. Thanks
- 
	SCCM 2007 SP2 prerequisites download
	KnYghT replied to EngiNerd's topic in Configuration Manager 2007
	@anyweb please share the 2007 sp2 files with me too 😔
- 
	When comparing OS deployment bare metal task sequence times between Windows 11 24H2 and Windows 10 22H2, I could see that 24H2 was considerably slower even though the task sequences were almost identical other than the OS being laid down on the device. I did a timing comparison and noticed two things in particular that were taking considerably longer on the 24H2 device: 1) reboot tasks, 2) time to finish up the task sequence work after the last step.

	For reboot tasks, I can see that the delay is between these two events in the SMSTS.log log: "Waiting for policy to be compiled in 'root\ccm\policy\machine' namespace" and "Policy verification done" within the OSDSetupHook component. On the Windows 10 device the time between those log entries was 1 second, but on Windows 11 24H2 the time between those log entries varies, and it's usually around 2 minutes.

	At the end of the task sequence, after executing the last task, from the "The task execution engine successfully completed the current task sequence step" smsts.log entry to when the smsts.log stops being written to, it takes 14 seconds for the Windows 10 device, but it takes 4:29 seconds for the Windows 11 device. The delays are similar, between these two events in SMSTS.log (see attached screen shot): "End Task Sequence policy cleanup" and "Policy evaluation initiated" within the TSManager component.

	Any reason policy work should take considerably longer on Win11 24H2? Any suggestions on where I can look to see why it's taking so much longer to deal with policy work in 24H2? Is this a Win11 24H2 issue, a ConfigMan issue, or a ConfigMan configuration issue? I am happy to entertain any thoughts or suggestions folks have. Anyone else seeing this issue in their environment?

	Environment details: CM 2503 (5.0.9135.1000) without KB33177653 or KB34503790 installed. Windows 11 = 24H2 customized reference image built from August 2025 ISO. ADK = 21H2 (10.1.22000.1).
- 
	SCCM 2 Domains in 2 ForestsHenchman21 replied to ImaNewb's topic in System Center Configuration Manager (Current Branch)
	Create a cert template from an existing working template from your CA and name it "XXXXX.INF" on the CA - copy to the server that needs the cert. SAVE IT WITH THE SERVER NAME. MAKE SURE IT'S AN .INF FILE.
	Create the REQ from the INF on the local server:
	Open the INF file; the server template has “XXXXXX” for server name, replace it with the server name you are working on.
	Open CMD as admin, navigate to where you put the XXXXX.INF, example below.
	Example: CMD.exe --> C:\temp\Certificate>certreq -new yourservername.inf yourservername.req
	Copy the XXXXX.req file to your Primary CA, now you want to submit a new request.
	Open the Certification Authority console: click Start, type in CA and Certificate Authority should appear, “Run as Admin”.
	Right-click the CA → All Tasks > Submit a new request
	Select the XXXXX.req file and save it as a .CER file. Example: XXXXX.cer
	Now copy the XXXXX.cer file back to the server that needs it, and import it to the Computer\Personal Store.
	Try running your ccmsetup.exe /install /mp blah blah blah
	I would try to get networks to open up ports to the CA from all subnets in that domain and ports that SCCM needs to communicate with.
	Ports needed (service, port, source, destination, action, notes):
	Kerberos, 464, Certificate Enrollment Web Services, Domain Controllers (DC), Allow. Source: Certificate Enrollment Web Services - Destination: DC
	LDAP, 389, Certificate Enrollment Web Services, Domain Controllers (DC), Allow. Source: Certificate Enrollment Web Services - Destination: DC. Service: LDAP (network port tcp/389)
	LDAP, 636, Certificate Enrollment Web Services, Domain Controllers (DC), Allow. Source: Certificate Enrollment Web Services. Service: LDAP (network port tcp/636)
	DCOM/RPC, random port above port 1023, Certificate Enrollment Web Services, CA, Allow. Please see for details on RPC/DCOM configuration: http://support.microsoft.com/kb/154596/en-us
	HTTPS, 443, All clients requesting certs, Certificate Enrollment Web Services, Allow
	CERT INF example below:
	[Version]
	Signature="$Windows NT$"
	[NewRequest]
	; Subject needs hostname - no fqdn of server you need
	Subject = "CN=XXXXX, OU=XXX, O=XXX, L=STATE, S=CITY, C=US"
	KeySpec = 1
	KeyLength = 2048
	Exportable = TRUE
	MachineKeySet = TRUE
	SMIME = FALSE
	PrivateKeyArchive = FALSE
	UserProtected = FALSE
	UseExistingKeySet = FALSE
	ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
	ProviderType = 12
	RequestType = PKCS10
	KeyUsage = 0xa0
	[Extensions]
	; dns= entry needs FQDN
	2.5.29.17 = "{text}"
	_continue_ = "dns=XXXXX.company.com"
	; Client Authentication
	2.5.29.37 = "{text}"
	_continue_ = "1.3.6.1.5.5.7.3.2"
	[RequestAttributes]
	CertificateTemplate = ConfigMgrClientCertificate
	DisableExtensionsList = "2.5.29.31,1.3.6.1.5.5.7.1.1"
	Hope this helps!
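	Added example, not part of Henchman21's post: a PowerShell check to run on the server after importing the .cer and before ccmsetup, confirming that a certificate in the Computer\Personal store has its private key, the Client Authentication EKU and the server FQDN requested in the INF above. The `-Fqdn` parameter, its default value and the report column names are assumptions of this example.

```powershell
# Added example, not from the original post. Run elevated on the server that
# received the certificate, after importing the .cer and before ccmsetup.
param(
    # Assumption: DNS returns the same FQDN that was put in the INF "dns=" entry.
    [string]$Fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
)

$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU from the INF
$now = Get-Date

# Evaluate every certificate in Computer\Personal (Cert:\LocalMachine\My).
$report = foreach ($cert in Get-ChildItem -Path Cert:\LocalMachine\My) {
    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        Subject       = $cert.Subject
        # False when the imported .cer is not paired with the key that
        # "certreq -new" generated, e.g. it was imported on another machine.
        HasPrivateKey = $cert.HasPrivateKey
        ClientAuthEku = @($cert.EnhancedKeyUsageList.ObjectId) -contains $clientAuthOid
        # DnsNameList is filled from the subject CN and the SAN DNS entries.
        FqdnInCert    = @($cert.DnsNameList.Unicode) -contains $Fqdn
        TimeValid     = ($cert.NotBefore -le $now) -and ($cert.NotAfter -gt $now)
    }
}

# A certificate is usable only if all four checks pass.
$usable = @($report | Where-Object {
    $_.HasPrivateKey -and $_.ClientAuthEku -and $_.FqdnInCert -and $_.TimeValid
})

$report | Format-Table -AutoSize | Out-Host
if ($usable.Count -eq 0) {
    Write-Warning "No certificate in LocalMachine\My is usable as a client certificate for $Fqdn."
    exit 1
}
Write-Output "Usable client certificate(s): $($usable.Thumbprint -join ', ')"
```

	The INF in the post sets Exportable = TRUE, which leaves the private key exportable from the server's store; requesting with Exportable = FALSE avoids that when the key never needs to move.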
- 
	  SCCM 2007 SP2 prerequisites downloadGarthMJ replied to EngiNerd's topic in Configuration Manager 2007 You and me both, the SW is 18 years old and nothing is supported anymore. Even 2012 is 13+ years old now and nothing is supported either. It just doesn't make any sense.
- 
	SCCM 2007 SP2 prerequisites downloadKnYghT replied to EngiNerd's topic in Configuration Manager 2007 I want to test in a homelab how to deploy Windows XP and Windows 7 with programs. I build a retro server farm at home just for learning old network systems. Thank you if you support me with the SCCM 2007 prerequisites files. My favorite Windows servers are: Windows Server 2003, 2008, and 2008 R2 only.
- 
	  SCCM 2007 SP2 prerequisites downloadanyweb replied to EngiNerd's topic in Configuration Manager 2007 I'm curious, why are you guys installing such an old unsupported version of SCCM like this today anyway, can you please enlighten me?
- 
	KnYghT started following SCCM 2007 SP2 prerequisites download
- 
	SCCM 2007 SP2 prerequisites downloadKnYghT replied to EngiNerd's topic in Configuration Manager 2007 I sent a PM to you too. Thank you for the help.
- 
	SCCM Software Updates - KB5063875jackie_jack86 replied to jackie_jack86's topic in Configuration Manager 2012 Thanks sir for your Revert. I have tried the script. Whole client went wrong. I have tried again a few more steps. This strange thing I only noticed in Dell Latitude 5520.
	1. Uninstall SCCM_Client and install again.
- 
	  SCCM Software Updates - KB5063875anyweb replied to jackie_jack86's topic in Configuration Manager 2012 It looks to me like the update is failing on your clients, have you tried troubleshooting that? I don't think this is an SCCM problem but a client problem. I asked copilot what it thought about the error given above and it came up with this script which does the following:
	Renames Spupdsvc.exe to prevent interference.
	Stops Windows Update services.
	Renames update cache folders (SoftwareDistribution and Catroot2).
	Restarts update services.
	Runs sfc /scannow to fix system file corruption.
	Runs DISM /RestoreHealth to repair the Windows image.
	Prompts you to manually download KB5063875 if needed.
	Right-click the .bat file and choose "Run as administrator". Let it complete all steps (may take several minutes). Restart your PC and try installing the update again.
	fix_update_error_0x8024000B.bat

 
 
					
						