Jump to content


Established Members
  • Content Count

  • Joined

  • Last visited

Community Reputation

1 Neutral

About boyjaew2

  • Rank
    Advanced Member
  1. Turns out. That is just not how it's done unless you want to root your devices or something. Guess I'm over to look at MDM in sccm...
  2. This might be completely outta bounds, but has anyone ever attempted image mgmt of android for tablets? We have a little less than 100 coming in and "they" want standardized OS across the lot and we would rather not do them all manually. Johan Arwidmark directed me to Kent Agerlund's blog and book on EMS, but I thought I'd present the question and see what if anything has been hacked together by the community. Thanks
  3. #Failure Even with group policy set as above after letting it sit all day, rebooting, manually updating group policy as well as it being refreshed by the normal update cycle and it being fine ALL day, I just rebooted my test machine and get a pop up saying that "This app is turned off by group policy" which it isn't and nothing has changed. Am I going to have to set a manually config on that damn key to make this work? Group policy doesn't seem to care much what the hell the setting is. SOME how my test computer got moved into a different OU. All is well. As you were.
  4. P.S. I also tested defender communication with SCCM with an EICAR file and it caught, removed and reported on the file in the SCCM console as expected.
  5. I imagine some of you sitting back and having a good chuckle at my little saga, but I think I've found out a few things that could come in handy. I'm still waiting to see if this is the real solution or not. So, bear with me. 1) It doesn't seem to matter what version of SCEP gets pushed with the ccm client install (the install will fail anyway - at least from what I've seen. Might be different with the GPO setting corrected?) as, when everything else is configured correctly it looks like win 10 just uses whichever version of defender it has on hand. 2) I had three GPOs on the OU I was
  6. I think that if I could some how magically get SCEP v. 4.8.10240.16384 into SMS_CCM\Client where my client install bits are it would maybe work. Right now I have v. . Any idea which MS forest-gnome I have to genuflect to to get that upgrade? Is this even an accurate assumption?
  7. So, what is the answer here? We know SCEP is replaced in win 10 with defender. I have messed with group policy to try and get it to run with no success.I previously deployed SCEP with ccm client. Now no matter what I try, short of changing the regkey for defender locally (which gets turned off again when GPO is applied regardless of a change in group policy settings) I have found no way to get access to the GUI locally on the client or see that it is being managed by sccm SCEP policy. What the heck is going on here? Thanks,
  8. Honestly, I've been trying to figure out how to do this since day one.
  9. With the script, are you saying I can add a TS step to go look at my existing WSUS server and get updates, during OSD, directly without creating the SUP?
  10. I'm going to jump in here as it seems like the closest to what I'm looking for. I'm pretty sure the answer is, no you can't run both concurrently, BUT, is it possible to have WSUS for regular enterprise-wide patching, but set up a standalone SUP on sccm JUST for OSD (unknown computers collection)? What I want to do is keep our WSUS operating that way that it is, but be able to install updates to new images so that when we deploy an image it will get patched without helpdesk personnel having to run through the MS updates song and dance as well as avoid having to do a build and capture to ke
  11. That did the trick alright. Now to the root cause. I'm trying to do something that I haven't done. Helpdesk is requesting something of an LTI or ZTI that will require less of their time configuring profiles, installing/updating software, drivers etc. etc. I am trying to keep my deployment images very thin. While they want all manner of stuff baked into the image. I have given up trying to explain to them why a bloated image is a bad idea. It SEEMS like I might be best served intergrating MDT into SCCM. I have used it before, but not integrated like this. I have already tried building a cus
  12. Heh, heh... So, how exactly do you schedule a deployment for the day before? The wizard does not let you complete the deployment. Or, do you have to schedule it and then wait a day?
  13. That is exactly which version I am running. I will try the workaround and see if that does the trick. Thanks, Mr. B.
  14. OSD is one of the first things I learned how to do and it's been a LONG time since I've had issues with it. I have honestly never seen this. I build my TS to deploy a system image like I have done a hundred times. Now, no matter what I do I can not get my TS to show in the list of availble task sequences. I have built from scratch, copied other known working TSs and nothing is making the damn thing show up. All of the referenced components have been distibuted and I have deployed the TS. Nothing. I'm I missing something here? The thing that is different in this case is I am trying to deplo
  15. I thought about it, but this change has to be made to about 160 machines and their psyches are fragile enough having recently completed enteprise wide removal from "everyone's an admin". I think the confusion would kill them, temporary or not. I think I'm going with a GPO scheduled task.
  • Create New...