Leaderboard

This thread really got me to the point I learned so much, and created a never knew before technology. I was able to build a whole new frontend for our OSD. I have attached what I created, hope it helps anyone who wants to do the same, and I am excited for suggestions for improvement. I changed the background to something stock and removed our company one, but the concept is the same. OSD FRONT END BASE TEMPLATE-shared.ps1

Each application install within the task sequence has a button to delete its cache after the install. It's at the bottom "Clear application content from cache after installing". Not good for Self-repair apps like VLC. I know this is a 10 year old thread but its top result of google, so leaving it for others.

I wan't testing in homelab how to deploy windows xp and windows 7 with programs. I build at home a retro server farm just for learning old network system's. Thank u if u supporting me with sccm 2007 prerequisites files. My favorite windows server's is:windows server 2003; 2008; and 2008 R2 only.

this is odd, so are you saying that in Windows File Explorer that you cannot browse the D:\ drive at all ? if that's not what you mean then please explain what "when accessed directly from the system" means.

Yes, you can do that. See this post. https://askgarth.com/blog/adding-an-all-option-to-your-prompt/

Worked like a charm. Thank you. I will give Copilot a shot next time.

I asked copilot and it gave me this response, try it !, if it works then you can just apply the registry key via a step in the task sequence just before it normally shows up Open Registry Editor: Press Win + R, type regedit, and press Enter. Navigate to the following path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE Create a new DWORD (32-bit) Value: Name it SkipMachineOOBE. Set its value to 1. Create another DWORD (32-bit) Value: Name it SkipUserOOBE. Set its value to 1. These changes should bypass the "Just a moment" screen during the OSD process.

@anyweb, thank you for your availability and troubleshooting. I have figured out the problem. The issue stemmed from the fact that I was primarily working with headless computers in my environment. Even though I was running MSTSC with the /admin or /console switch, I never properly checked if the established session was, in fact, a console session. This is why the policy would fail, and we would see errors in the logs when the policy attempted to launch the MBAM UI. I didn’t realize this until I revisited my VMs and accessed them through the console, instead of connecting via MSTSC. On existing, imaged devices, I was able to resolve the issue by manually interacting with a few devices using SCCM's remote control viewer, which establishes a console session. After logging in via SCCM’s remote viewer, the BitLocker policy executed and encrypted the drives without any issues. For anyone else in your community facing a similar problem, I addressed the headless computer issue by creating a task sequence during OS deployment. This ensures that devices are imaged with the appropriate BitLocker settings that align with my BitLocker policy. This way, all imaged devices are compliant from the start, and SCCM can still report compliance for these devices, since the policy settings are consistent and encryption is not required. Since I will mostly be accessing the headless computers via MSTSC, this solution works well for my environment.

Sorry to hear that. Thank you for the reply.

Another point of reference I wrote a few years back can be found on our blog here!

Ok, fixed it. In case anyone else ends up with this issue; the problem in this case was trusted site settings. For some reason the "include all local (intranet) sites" option was not being respected and the fqdn of the primary site; cmserver.corp.com had to be added to the local intranet zone. The company portal logs shows that an exception occurred when calling the config manager user service Exception of type MessageSecurityException has been thrown. Detailed message: MessageSecurityException handled when trying to query the User Service with using... and that the Config Manager user service is using Windows Authentication 76xxxxxa-0xxa-4a6e-911f-fxxxxxxx9 2-1-1 Configuration Manager User Service is using Windows Auth. IIS logs on site server shows no authenticating users but a series of 401 returns to requesting client. When the client is on the Internet the company portal logs shows that the user service is contacted using AAD Auth instead of Windows auth so in that case no Integrated authentication was attempted. After adding the site server to the local intranet zone and re-launching the company portal all apps were displayed and no auth failures were logged

figure this out for anyone interested, found an article from 2012 that outlines some registry key changes you need to make on you cluster nodes. https://forum.red-gate.com/discussion/15396/error-monitoring-clustered-sql-server snippet taken from the article above. Of the tests we conducted above the root cause of the short file name error during the Pre-req checks was found to be the fact that we were not able to remotely access the registry using the SQL Virtual name which we should have been able to do. On contacting Microsoft Support we were informed that there are known issues around NoRemap registry key needing to be set if you are using Network Name resource that is dependent on a separate new IP Address resource – see http://support.microsoft.com/?id=306985 The final solution was to add a new REG_MULTI_SZ registry key to BOTH cluster nodes called:- NoRemapPipes to:- HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\ This key should contain the values of:- WINREG EVENTLOG svcctl After adding the above key and values we needed to reboot both cluster nodes and then we were able to connect to the SQL Virtual names (CLUSQL02 + CLUSQL01) using Regedit (Remote registry). Running the SCCM Pre –req checker now returns no errors. Hope this soluton helps someone else.

Hi guys Havent posted here in so long Firstly. DO you think its worth having a Microsoft Edge ( Chromium) forum section? I think more people will be deploying this now, especially with the nice enterprise stuff its got with SCCM integration tools ok now to my question I am currently working on deploying New Edge to my org. We currently use IE11 for legacy sites in compatibility mode with a website list in xml format sitting on all our users computers. IE looks for this site and opens it in compatibility mode This xml file is created using Enterprise Site Manager v1 WHen checking out how to make an xml for New edge. It says theres a v2 https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance It says I wont get the benefits if I continue to use v1 but doesnt explain the benefits? What are they? We already have a list of sites in a v1 schema so I want to know if I should change it to v2 scheme for my MS new edge deploying for IE mode

If you use/have PowerShell built into your WinPE image, you could avoid using any files at all with this one-liner in the "Prestart command settings">"Command line" box: powershell.exe -noprofile -command "$TSEnv = New-Object -ComObject Microsoft.SMS.TSEnvironment;$TSDeploymentID = Read-Host 'Enter the TS Deployment ID: ';$TSEnv.Value('SMSTSPreferredAdvertID') = $TSDeploymentID" Partly leaving this here so I can find it in future. ?

Try ... Monitoring -> Distribution Status -> Content Status.