Leaderboard
Popular Content
Showing content with the highest reputation since 05/17/24 in all areas
-
Do follow steps 1) delete c:\windows\system32\GroupPolicy\Machine\Registry.pol 2) Gpudate /force 3)initiate Machine policy , software update and evaluation.2 points
-
Worked like a charm. Thank you. I will give Copilot a shot next time.1 point
-
I asked copilot and it gave me this response, try it !, if it works then you can just apply the registry key via a step in the task sequence just before it normally shows up Open Registry Editor: Press Win + R, type regedit, and press Enter. Navigate to the following path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE Create a new DWORD (32-bit) Value: Name it SkipMachineOOBE. Set its value to 1. Create another DWORD (32-bit) Value: Name it SkipUserOOBE. Set its value to 1. These changes should bypass the "Just a moment" screen during the OSD process.1 point
-
@anyweb, thank you for your availability and troubleshooting. I have figured out the problem. The issue stemmed from the fact that I was primarily working with headless computers in my environment. Even though I was running MSTSC with the /admin or /console switch, I never properly checked if the established session was, in fact, a console session. This is why the policy would fail, and we would see errors in the logs when the policy attempted to launch the MBAM UI. I didn’t realize this until I revisited my VMs and accessed them through the console, instead of connecting via MSTSC. On existing, imaged devices, I was able to resolve the issue by manually interacting with a few devices using SCCM's remote control viewer, which establishes a console session. After logging in via SCCM’s remote viewer, the BitLocker policy executed and encrypted the drives without any issues. For anyone else in your community facing a similar problem, I addressed the headless computer issue by creating a task sequence during OS deployment. This ensures that devices are imaged with the appropriate BitLocker settings that align with my BitLocker policy. This way, all imaged devices are compliant from the start, and SCCM can still report compliance for these devices, since the policy settings are consistent and encryption is not required. Since I will mostly be accessing the headless computers via MSTSC, this solution works well for my environment.1 point
-
Sorry to hear that. Thank you for the reply.1 point
-
Another point of reference I wrote a few years back can be found on our blog here!1 point
-
Ok, fixed it. In case anyone else ends up with this issue; the problem in this case was trusted site settings. For some reason the "include all local (intranet) sites" option was not being respected and the fqdn of the primary site; cmserver.corp.com had to be added to the local intranet zone. The company portal logs shows that an exception occurred when calling the config manager user service Exception of type MessageSecurityException has been thrown. Detailed message: MessageSecurityException handled when trying to query the User Service with using... and that the Config Manager user service is using Windows Authentication 76xxxxxa-0xxa-4a6e-911f-fxxxxxxx9 2-1-1 Configuration Manager User Service is using Windows Auth. IIS logs on site server shows no authenticating users but a series of 401 returns to requesting client. When the client is on the Internet the company portal logs shows that the user service is contacted using AAD Auth instead of Windows auth so in that case no Integrated authentication was attempted. After adding the site server to the local intranet zone and re-launching the company portal all apps were displayed and no auth failures were logged1 point
-
hi @RobsonM, thanks ! this tool does not migrate any of the users data, but ... it also doesn't delete anything so the users data (files apps etc) is still stored and hidden in their old profile located in C:\Users\<username.old> if you really want to migrate their data then you'll need to customize the scripts and/or use a 3rd party tool for that cheers niall1 point
-
hi @shintest, i'm working on it just now so plan on releasing yet another release soon, please stay tuned !1 point
-
In case anyone else encounters this, the issue is that using the run as feature in a task sequence that isn't OSD seems to require an account with interactive login. If it's an OSD task sequence, interactive login is not required. I had to call the credentials in the script and use a variable for the password to get around this.1 point
-
I have uninstalled the old ADK and installed the new one. version, 10.1.26100.1. Upgrade the Boot Image and recreate new MDT TS Now it is working and I can deploy my OS or Application with MDT and UDI1 point
-
yes but it won't help the MDT issue, i've informed the Microsoft Product group about this, let's see if they respond.1 point
-
hi @dipalma thank you for trying out my solution, this code is 'as is' and it's up to you to make it work in your environment, you can rem out all the scrolling by editing the associated log file, but what you really should have seen is the full screen status screen and not the powershell logging what that means is something probably failed which is why you are seeing the powershell cmd instead of the status screen, feel free to post your logs here and i can take a look. that said, i'm still working on it and will hopefully have a newer version of it to release in the coming month or two with a LOT of bug fixes and improvements cheers niall1 point
-
figure this out for anyone interested, found an article from 2012 that outlines some registry key changes you need to make on you cluster nodes. https://forum.red-gate.com/discussion/15396/error-monitoring-clustered-sql-server snippet taken from the article above. Of the tests we conducted above the root cause of the short file name error during the Pre-req checks was found to be the fact that we were not able to remotely access the registry using the SQL Virtual name which we should have been able to do. On contacting Microsoft Support we were informed that there are known issues around NoRemap registry key needing to be set if you are using Network Name resource that is dependent on a separate new IP Address resource – see http://support.microsoft.com/?id=306985 The final solution was to add a new REG_MULTI_SZ registry key to BOTH cluster nodes called:- NoRemapPipes to:- HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\ This key should contain the values of:- WINREG EVENTLOG svcctl After adding the above key and values we needed to reboot both cluster nodes and then we were able to connect to the SQL Virtual names (CLUSQL02 + CLUSQL01) using Regedit (Remote registry). Running the SCCM Pre –req checker now returns no errors. Hope this soluton helps someone else.1 point
-
Hi guys Havent posted here in so long Firstly. DO you think its worth having a Microsoft Edge ( Chromium) forum section? I think more people will be deploying this now, especially with the nice enterprise stuff its got with SCCM integration tools ok now to my question I am currently working on deploying New Edge to my org. We currently use IE11 for legacy sites in compatibility mode with a website list in xml format sitting on all our users computers. IE looks for this site and opens it in compatibility mode This xml file is created using Enterprise Site Manager v1 WHen checking out how to make an xml for New edge. It says theres a v2 https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance It says I wont get the benefits if I continue to use v1 but doesnt explain the benefits? What are they? We already have a list of sites in a v1 schema so I want to know if I should change it to v2 scheme for my MS new edge deploying for IE mode1 point
-
If you use/have PowerShell built into your WinPE image, you could avoid using any files at all with this one-liner in the "Prestart command settings">"Command line" box: powershell.exe -noprofile -command "$TSEnv = New-Object -ComObject Microsoft.SMS.TSEnvironment;$TSDeploymentID = Read-Host 'Enter the TS Deployment ID: ';$TSEnv.Value('SMSTSPreferredAdvertID') = $TSDeploymentID" Partly leaving this here so I can find it in future. ?1 point