anyweb

first question, why use Windows 7 it's EOL 2020, i'd recommend Windows 10 instead for a client based distribution point, secondly, you can enable branchcache but you will be limited to the number of concurrent connections per box as it's a client os and not a server os

did you confirm that the partition step is actually taking place and succeeding, can you attach your smsts.log ?

This week Cireson is launching 14 new Remote Management apps for the Cireson Analyst Portal for Microsoft Service Manager. They’re live on our website here: https://cireson.com/service-management/#remote_management They are offering a two-part webinar (in 3 regions) in November about these apps including deep dive demos. Registration is here: http://go2.cireson.com/af2?LinkID=CH00096971eR00000253AD Here’s a brochure with more information. sign up !

well that's why, once you've upgraded to one of the latest releases you'll see the easysetupfolder reduce to about 1.3GB or so

this is more than likely because you are using an earlier release of SCCM Current Branch, once you've upgraded to 1702 or later I believe that problem will be resolved. What version are you using ?

So you’ve heard all about Windows Server 2019 - now you can see it in action in a live demo webinar on November 8th! The last WS2019 webinar by Altaro was hugely popular with over 4,500 IT pros registering for the event. Feedback gathered from that webinar and the most popular features will now be discussed and tested live by Microsoft MVP Andy Syrewicze. And you’re invited! This deep-dive webinar will focus on: Windows Admin Center Containers on Windows Server Storage Migration Service Windows Subsystem for Linux And more! Demo webinars are a really great way to see a product in action before you decide to take the plunge yourself. It enables you to see the strengths and weaknesses first-hand and also ask questions that might relate specifically to your own environment. With the demand so high, the webinar is presented live twice on November 8th to help as many people benefit as possible. The first session is at 2pm CET/8am EST/5am PST and the second is at 7pm CET/1pm EST/10am PST. With the record number of attendees for the last webinar, some people were unable to attend the sessions which were maxed out. It is advised you save your seat early for this webinar to keep informed and ensure you don’t miss the live event. Save your seat: https://goo.gl/CgCSso

are you getting errors in dmpdownloader.log or cmupdate.log, can you attach the log file with the errors please....

enable cmd support in the boot image, then pxe boot and press f8 in the boot image before it reboots, open x:\windows\temp\smstslog\smsts.log what does it tell you ?

did you modify my powershell script in any way ? if not, can you show the set * variable steps ?

hi there i'd say start your investigation by reading through this topic, you can ignore the 'remote connection' part of it and focus on the WorkGroup bits..

can you include your smsts.log file so that we can see why it's failing, also what version of sccm is this and what version of the Windows ADK are you using

Introduction Microsoft Ignite 2018 (in Florida) has just come and gone but there’s still 644GB of sessions to get through, and all of them are online and available for you to review (or download). Ignite is an awesome experience but not everyone can attend, even if you could attend there’s no way you could see all the sessions you wanted to see, however now you can. In this blog post I’m going to add my notes about a session called “Learn how to leverage Intune support for Microsoft Graph and PowerShell to enable powerful automation and IT security” by these two clever guys. David Falkus, Rohit Ramu I do this because it’s great blogging and learning material and because it means that I can dissect these sessions in fine detail to see exactly what they were talking about and to expand upon it including code samples and links which you don’t get by simply clicking on a video. You can review it yourself here (20 minutes to watch): https://myignite.techcommunity.microsoft.com/sessions/64603 The session starts with a quick intro from David and Rohit before acknowledging that Rohit wrote the PowerShell modules for Intune. Good job Rohit ! (p.s. he’s also good at Music and is on soundcloud). Next, David points out that Intune totally rebuilt itself in 2017 when they decided to use Microsoft Graph API as the API of choice for use with the UI and to use Automation and Services to interact with Intune. Microsoft released GitHub PowerShell samples in 2017 (which I blogged about here). https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/8363319-add-powershell-support-to-manage-the-service As a direct result of that feedback, Microsoft is announcing the PowerShell Intune SDK module As a direct result of that feedback, Microsoft is announcing the PowerShell Intune SDK module But, it’s in preview mode right now, that said, you can download this PowerShell preview module from GitHub at https://aka.ms/intunepowershell This PowerShell preview module supports the following: The granular level of control with Microsoft Graph, also comes with complexity so Microsoft have also provided a user interface by way of the Azure Portal. The user interface (UI) abstracts away some of that complexity and makes it easier to get things done. The Intune PowerShell SDK has a 1:1 mapping between Graph and the SDK so whatever you can do in Graph, you can also do in the SDK but this comes with the same complexities that come in the Graph API, so to assist with that they will release modules (Scenario Modules). Rohit demos some of this in the session (and they want feedback on this, so if you have any suggestion or feedback, please provide it either to them directly or send it to me and i’ll pass it on). To begin with, browse to https://aka.ms/intunepowershell and scroll down to learn how to login, use the commands and so on. The scenarios mentioned by Rohit are found here –https://github.com/Microsoft/Intune-PowerShell-Management o get the modules, scroll up to the top and click on the Releases tab (in GitHub). In the releases, click on the link the ZIP file, download it and extract it, there are two folders, one for cross-platform (netstandard2.0) and the other for Windows only (to popup forms etc). In the net471 folder you’ve a bunch of files and the psd1 file is the most important, it’s the module manifest (it actually does stuff) and that’s the one you need to import to do things. Importing a PowerShell module To import this module you need to first open a PowerShell (or cmd prompt) using Administrative permissions. Next, browse to the folder where you extracted the Microsoft.Graph.Intune.psd1 file and then issue the following command in an administrative PowerShell cmd prompt. Import-module Microsoft.Graph.Intune.psd1 If you didn’t open a cmd/PowerShell prompt as an Administrator you’ll see the following error: Import-Module : The specified module ‘Microsoft.Graph.Intune.psd1’ was not loaded because no valid module file was found in any module directory. At line:1 char:1 + Import-Module Microsoft.Graph.Intune.psd1 if you then try to import the module and get the following error: Import-Module : Could not load file or assembly ‘file:///C:\Users\niall\Desktop\Intune-PowerShell-SDK-Release-6.1811.00642-preview\Release\net471\Microsoft.Intune.PowerShellGraphSDK.dll’ or one of its dependencies. Operation is not supported. (Exception from HRESULT: 0x80131515) At line:1 char:1 + Import-Module .\Microsoft.Graph.Intune.psd1 + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Import-Module], FileLoadException + FullyQualifiedErrorId : System.IO.FileLoadException,Microsoft.PowerShell.Commands.ImportModuleCommand to resolve this, you need to unblock the files, you can use the following PowerShell to do so, use the following command while you are in the folder containing the files you just downloaded. gci . | Unblock-File after which you can import the module without errors. After importing the module you want to log in to Graph. To do that, use the following PowerShell command: connect-msgraph This will popup a login prompt, enter your Microsoft Intune credentials Once done you are connected to your tenant. To see how many cmdlets are available in the SDK try the following PowerShell cmd: get-command -module Microsoft.Graph.Intune | measure which output’s something like this: PS C:\Users\niall\Desktop\Intune-PowerShell-SDK-Release-6.1811.00642-preview\Release\net471> get-command -module Microsoft.Graph.Intune | measure Count : 1287 .. So each of these 1287 cmdlets equates to an operation in Microsoft Graph. Amazing. These cmdlets were generated using the Graph MetaData and these are based upon the Microsoft Graph documentation. Here is an example of that. Get mobileApp And the cmdlet is based upon the info in the HTTP Request for example… get-deviceAppManagement_mobileApps and that will return a long list of apps in your tenant You can then fine tune the results to for example, select Publisher and Displayname get-deviceAppManagement_mobileApps -select publisher , displayname To further filter, you could say filter where the publisher contains the word, Microsoft. get-deviceAppManagement_mobileApps -select publisher, displayname -filter “contains(Publisher, ‘Microsoft’)” Ok that’s cool, but to do really cool things try this code. $createdApps = ‘https://www.windows-noob.com’, ‘https://www.niallbrady.com’, ‘https://www.linux-noob.com’ ` | ForEach-Object { ` New-DeviceAppManagement_MobileApps ` -webApp ` -displayName $_ ` -publisher ‘Niall’ ` -appUrl $_ ` -useManagedBrowser $false ` } and here’s the output and here’s the result of that.. $createdApps and you can verify that in the Intune console After this point, Rohit demo’d auditing of paged events as only 1000 events can be paged via Graph at one time. This is shown below. $auditEvents = Invoke-MSGraphRequest -HttpMethod GET -Url ‘deviceManagement/auditEvents’ Note that this doesn’t work in production currently, only special Beta tenants. So I’ve nothing to show here.. check the video for more details. Next try to add an iOS LOB app using 2 commands (well… a wee bit more than that) with the following code… $appToUpload = New-MobileAppObject ` -iosLobapp ` -displayName “Niall’s cool App” ` -description ‘A cool iOS LOB app’ ` -publisher ‘Niall’ ` -bundleId ” ` -applicableDeviceType (New-IosDeviceTypeObject -iPad $true -iPhoneAndIPod $true) ` -minimumSupportedOperatingSystem (New-IosMinimumOperatingSystemObject -v9_0 $true) ` -filename ‘niallbrady.ipa’ ` -buildNumber ‘v1’ -versionNumber ‘v1’ -expirationDateTime ((Get-Date).AddDays(90)) Now, go back to the Intune PowerShell SDK GitHub page here and scroll down to the scenarios link..you get a link to this page – https://github.com/Microsoft/Intune-PowerShell-Management which contains links to more samples and modules. Don’t forget to unblock the module before importing otherwise it will fail…make sure it points to the Apps folder which contains the scripts gci “C:\Users\niall\Desktop\Intune-PowerShell-SDK-Release-6.1811.00642-preview\Scenario Modules\Apps” | Unblock-File and then import the module… import-module ‘C:\Users\niall\Desktop\Intune-PowerShell-SDK-Release-6.1811.00642-preview\Scenario Modules\apps\Microsoft.Graph.Intune.Apps.psd1‘ the use the following command to upload your iOS LOB app called niallbrady.ipa (can be a text file for the purpose of this demo) $uploadedAppFile = New-LobApp -filePath ‘niallbrady.ipa’ -mobileApp $appToUpload And the app will appear in the Intune portal Next let’s try and get all apps and then group those apps by app type. $apps = Get-DeviceAppManagement_MobileApps $appsGroupedByType = $apps | Group-Object -Property ‘@odata.type’ and when you use the $appsGroupedByType variable, you see a load of values including count, name, group… then add the following code… to create x and y values… [string[]]$xvals = $appsGroupedByType | ForEach-Object {$_.Name.Replace(‘#microsoft.graph.’, ”)} [int[]]$Yvals = $appsGroupedByType | ForEach-Object {$_.Count} and then you can visualize the data using another of the scenario module scripts (which is in the Samples sub folder, see my screenshot below the code) which uses WinForms. .\VisualizeData.ps1 ` -Title ‘Intune apps by type’ ` -ChartType ‘Pie’ ` -XLabel ‘App Type’ -YLabel ‘Number of apps…’ ` -xValues $xvals -YValues $YVals and if you change Pie to Bar in the code snippet, you can run it again and see this Pretty awesome stuff, well done Rohit and David ! Recommended reading https://blogs.technet.microsoft.com/intunesupport/2016/10/04/using-the-microsoft-graph-api-to-access-data-in-microsoft-intune/ https://www.microsoft.com/en-us/microsoft-365/blog/2018/06/12/how-we-built-rebuilt-intune-into-a-leading-globally-scaled-cloud-service/ Microsoft GitHub PowerShell samples for Intune https://aka.ms/intunepowershell https://github.com/Microsoft/Intune-PowerShell-Management https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/intune_apps_mobileapp_get

what version of windows 10 are you testing on, I can re-verify

hi, it's not available yet, coming soon, be patient

once office is installed those icons will show in the start screen without you needing to do anything, you just need to be patient, this is EXACTLY what it looks like if you keep the start screen open and wait for office to install, once it installs it auto-populates the start screen

there are two main options: change the deployment schedule, when you deploy it you create a schedule, by default in my blog post it runs every day at 11am, you can change that to run every 2 days or whatever schedule you want, does that help ? the other place is a timer is in the upgrade.hta, in that if the user ignores the popup (clever users...) then it will auto-timeout after 8 hours or so, and reduce the deferals by one, here's the section of code to edit, it's in milliseconds so 8 hours... https://duckduckgo.com/?q=28800000+milliseconds+to+hour&amp;t=ffab&amp;ia=answer ' is the user ignoring the HTA ? if so, let's exit 99 and remove one deferral after <scheduled time> ' Note: this value must be LESS than the schedule of your deployment ' Note: this value must be MORE than the HTA countdown (pbwaitTime) iTimerID = window.setInterval("UserIgnoringHTA", 28800000)

thanks for sharing that info Dietmar !

are you referring to the 4 hour countdown that occurs after you run out of deferrals ? or something else

interesting but shouldn't be needed, I'll try and post the client settings you do need to avoid the popup, (try)

yes of course just edit the wrapper.vbs, i completely forgot to update the scripts as i've rewritten the wrapper in PowerShell, i'll try and update it later this weekend

It’s finally released, the long awaited Windows 10 Enterprise, version 1809 (otherwise known as The Windows 10 October 2018 Update) is available for download on Microsoft’s MSDN site, also to note, the Windows 10 Enterprise LTSC 2019 version is released. There is a corresponding download for Windows 10 Enterprise version 1809 also on VLSC however it’s for ARM Architecture only (64bit), so probably not of much use to you and me… This release is packed with lots of interesting new features detailed here. Also released is the Windows ADK version 1809 here. And if that wasn’t enough, Windows Server 2019 is finally Generally Available (on MSDN), time to start downloading ! For more info about the new release, please read this: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/What-s-new-for-IT-pros-in-Windows-10-version-1809/ba-p/263909 cheers niall

that error usually means unsupported subsystem (like using an x86 package in an x64 os or vice versa), but without the full smsts.log it's hard to be sure

how are you installing them, have you seen my guides on the same subject ? like here

Introduction At Microsoft Ignite this week in Florida, there were many new announcements of new capabilities in products such as Microsoft Intune. With so many new announcements it’s hard to keep up, but if you want to find out more, read on or select the part that interests you below. Part 1 – Introduction and news Part 2 – iOS – what’s new Part 3 – Android – what’s new Part 4 – macOS – what’s new Part 5 – Windows – highlights This content is based on an excellent session entitled “BRK3036 – Managing devices with Microsoft Intune: What’s new and what’s next” and you can review it yourself here. The session was presented by: Terrell Cox Paul Mayfield In this post we’ll look at some of the highlights for Windows 10 management with Intune. Win32 App Management feature Now when you try out this feature in Intune, you’d think you can just point to a recently downloaded EXE, or MSI file, but no, you cannot. You can only use files that have been converted into the .intunewin extension. How do you get that extension ? using this tool. Download the required tool Once downloaded, run the EXE and point it to the source folder that you have the MSI or EXE downloaded to that you want to convert, and then, spell out the file name, and finally select the output folder, it will then convert it to the *.intunewin extension as you see below. which will allow you to upload it into Intune. This new feature supports multi file installation, exe, msi, cab files.\ and you can even configure cmd line switches just like you do in Configuration Manager You can configure the requirements And you can even configure detection rules and return codes, so that you know if the app installed successfully or failed. Once added, you can assign this to groups of users, as required (mandatory) or optional (via the company portal), and keep in mind that for Office ProPlus with Intune all you need to know is that you can utilize what’s available within Intune to deploy that, I blogged it earlier here. What about Configuration Management ? A few of the concerns from customers to Microsoft was that using the MDM stack in Windows for configuring Windows was that it had a lot of important settings, but not enough for what was needed to be configured in the environment. So now within (for example) Endpoint Protection in Intune, you can configure dozens of settings, that were previously available via Group Policy, things like firewall rules or Bitlocker. But if you select, Windows 10 or later, then select the new feature Administrative Templates you have thousands of settings to choose from (searchable too), that can configure things for applications like Office Desktop. This takes the ADMX infrastructure from Group Policy and makes it possible to deploy via MDM. MDM Security baselines But wait, there’s more, you can now also configure MDM security baselines. And the idea behind these baselines is Microsoft has recommendations for what those settings should be. And with these options, you can select what should be good to select for your enterprise to have a secure compliant deployment of Windows. The recommendations are available dynamically in the console on an ongoing basis. What about Devices ? If we go to the device enrollment, windows enrollment tab you can select windows enrollment and look at the new Windows Autopilot options, as shown below. Note: The below info was taken from another related session, see my notes on that here Windows Autopilot Announced at Microsoft Ignite last year (2017), helps customers moving to modern management. Windows AutoPilot Scenarios. Hyrbid azure ad join, starting in 1809, can be hybrid azure ad joined (enrolled into Intune and device joined to on premise AD). Also announced Windows Autopilot for existing devices… Use Intune to create dynamic groups for those autopilot devices. Can pre-assign users to devices, in the Intune console you find the device (in Windows Enrollment, Windows AutoPilot devices), click assign user, When they go through autopilot they wont be prompted for the email address, instead they’ll get a custom welcome and a more personalized login. Windows Autopilot and ConfigMgr Autopilot task sequence, supported starting with windows 10 1809 Create a package with the JSON file which was created using the Powershell cmdlets Then create the autopilot task sequence, add the package, provisioning the device using the task sequence that’s it for this series, I hope you enjoyed it, cheers niall (at Microsoft Ignite in Orlando, Florida).

Introduction At Microsoft Ignite this week in Florida, there were many new announcements of new capabilities in products such as Microsoft Intune. With so many new announcements it’s hard to keep up, but if you want to find out more, read on or select the part that interests you below. Part 1 – Introduction and news Part 2 – iOS – what’s new Part 3 – Android – what’s new Part 4 – macOS – what’s new Part 5 – Windows – highlights This content is based on an excellent session entitled “BRK3036 – Managing devices with Microsoft Intune: What’s new and what’s next” and you can review it yourself here. The session was presented by: Terrell Cox Paul Mayfield Intune managed versus Jamf managed With Intune Managed macOS, you have basic platform MDM management which is ideal for scoped or modern management needs for corporate owned devices. You can deploy certificates, password configuration and applications and you can limit access to non-compliant Macs. There’s security with protection via device wipe and encryption. With Microsoft’s partner, Jamf (+EMS) you get Advanced MDM management of Macs, which allows you to do extensive inventory, depth of security controls, self-service application catalog and end user controls, you can also limit access to non-compliant Macs and do scripting. EMS + jamf Mac devices managed by jamf are registered with Intune and this allows Microsoft to leverage Intune for compliance and when the user logs on to the device, jamf will be managing it and ensuring that the user configuration is correct, and will check in with the Intune service to determine whether or not the device is compliant, and compliance is everything, because with non-compliance you can deny access to company resources using conditional access in Azure AD which can grant or deny access based on that compliance. MacOS new features recently added The following new features have been added to Intune to support MacOS. Join me in Part 5 for Windows features.