Posts posted by duberry_wotsit

  1. Can a WIP policy be used to ensure that the local sync cache of OneDrive is encrypted at the user level?

    BitLocker is enabled on all our systems but it is possible for someone with administrator permissions to browse to C:\users\username\onedrive... and view other people's sync data.

    Offline Files used to be used and that had the required functionality.


  2. 14 hours ago, gavin1973 said:

    I am not sure what you mean by a hard block. Is this a failure in the task sequence? And a rebuild of that device using your task sequence is working, just not the in-place upgrade?


    Personally speaking I would now use the Windows 10 Servicing/Updates to go from Windows 10 1607.

    I have yet to deploy 1709 but I have deployed 1703 in-place upgrade to a few test machines using the above method and have not come across any problems.

    It may be worth trying this method to see if this works for you. 



    Managed to resolve this.  Hard block is what you will see in the compatibility xml results within the logs.  The issue turned out to be that I copied the 1607 upgrade task sequence and just changed the image to 1703 or 1709.  When analysing what was running, despite the "ignore dismissible..." box being ticked SCCM was not passing the switch to setup.exe.  I created a new TS from scratch and that works correctly.  Have found others also report this issue on TechNet.

    Servicing doesn't work for us as I need to re-apply all the language packs during deployment so TS at present is the simplest way to achieve this.


  3. Hi,

    I am deploying in-place upgrades to many systems using standard task sequence.  This has been working well with version 1607, I've done over 1,500 machines this way.  I have tried to switch to use the 1703 or 1709 media however on system models which were fine with 1607 we now see them fail with a hard block due to having older Intel HD Graphics.  Systems with this issue include HP EliteDesk 800 G1 range.

    I cannot get the block to be ignored using the options in ConfigMgr and I'm not sure why it is an issue as going from 7 to 1607 to 1703/1709 works fine.  There is a Windows 10 driver for these systems in WU.  A rebuild works fine.

    Any ideas how to get around this?  I've tried updating the drivers in Win 7 first but still it gets blocked.

  4. I have some Server 2008 R2 clients which when running an online check against Windows Update are missing a number (12) of .net updates.


    One of these, for example, is KB2972216.


    According to WSUS kb2972216 was superseded by KB3188744, however KB3188744 is not applicable to 2008 R2. It is for Vista/2008 SP2. Because of this supersedence kb2972216 is no longer available to deploy from SCCM so the 2008 R2 boxes remain unpatched. There is no Security and Quality rollup for .net 4.5.2 on 2008 R2.


    What's going on here? Is it an MS issue for publishing incorrect supersedence rules? How can I get the 12 missing updates back into SCCM via Software Updates node?



  5. Great guide. In terms of which media is used to apply the upgrade, is it the case that as long as the target device has a matching OS language installed the media can be used? For example...


    • I have a mix of clients installed using either en-us media or the international media then set to en-gb.
    • All of my en-us installed clients have en-gb language installed
    • My en-gb installed clients do not have any other languages installed

    Is there any way I can upgrade all of these using the same media?


    Identifying which were installed en-us vs en-gb does not seem that simple as using ([wmi]"root\cimv2:win32_OperatingSystem=@").OSLanguage. This command will always return en-gb in an environment where you have used en-us media then installed en-gb language packs and then set them to default. The only definitive place to find the install language seems to be:





  6. I have inherited an SCCM deployment with monthly workstation update packages going back to 2010. I want to clean this up and start afresh.


    I was thinking that I would create a new deployment package with all updates prior to this month (with all expired updates removed) and push that out so that all machines are up to date. The existing packages could then be deleted.


    Then from this month create a new monthly package and deploy that then repeat.


    Does this sound sensible? All the old monthly update packages are showing as grey as they are full of expired and superseded updates. Provided I have created the new package with all updates up to this month I should be covered...I think!?



  7. I am looking to automate a process as follows..


    Input AD username

    Retrieve network location of AD User Roaming Profile

    Retrieve network location of home directory

    Copy certain items from roaming profile to home directory

    Delete network roaming profile


    This is purely so helpdesk staff can delete a profile using a tool rather than having to browse to a server and delete manually...


    I am guessing I can perform this via VBS but am looking for some pointers, I don't have any vbs experience but a starting point would be nice..!
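
The procedure listed in the post above, sketched in PowerShell as an added example (not part of the original post and not the poster's code). The share root `\\fileserver\profiles$`, the list of items to keep and the `ProfileBackup` folder name are assumptions; the `.V<n>` matching covers the version suffix Windows appends to roaming profile folders on disk.

```powershell
#Requires -Modules ActiveDirectory
# Added example: share root, item list and backup folder name are assumptions.
[CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
param(
    [Parameter(Mandatory)][string]$UserName,
    # Hypothetical share holding all roaming profiles; nothing outside it is deleted.
    [string]$ProfileRoot = '\\fileserver\profiles$',
    # Hypothetical list of items to keep, relative to the profile folder.
    [string[]]$ItemsToKeep = @('Desktop', 'Favorites')
)

$user = Get-ADUser -Identity $UserName -Properties ProfilePath, HomeDirectory
if (-not $user.ProfilePath -or -not $user.HomeDirectory) {
    throw "User '$UserName' has no roaming profile path or home directory set in AD."
}

# Match the folder named in AD plus any version-suffixed variants (.V2, .V6, ...).
$base   = $user.ProfilePath.TrimEnd('\')
$parent = Split-Path -Path $base -Parent
$leaf   = Split-Path -Path $base -Leaf
$profiles = Get-ChildItem -LiteralPath $parent -Directory |
    Where-Object { $_.Name -eq $leaf -or $_.Name -match "^$([regex]::Escape($leaf))\.V\d+$" }

$rootPrefix = $ProfileRoot.TrimEnd('\') + '\'
foreach ($p in $profiles) {
    # Guard: a wrong or tampered ProfilePath must not turn this into an arbitrary delete.
    if (-not $p.FullName.StartsWith($rootPrefix, [StringComparison]::OrdinalIgnoreCase)) {
        Write-Warning "Skipping $($p.FullName): outside $ProfileRoot"
        continue
    }
    $backup = Join-Path $user.HomeDirectory ("ProfileBackup\" + $p.Name)
    foreach ($item in $ItemsToKeep) {
        $src = Join-Path $p.FullName $item
        if ((Test-Path -LiteralPath $src) -and $PSCmdlet.ShouldProcess($src, "Copy to $backup")) {
            New-Item -ItemType Directory -Path $backup -Force | Out-Null
            # -ErrorAction Stop aborts the script before the delete if the copy fails.
            Copy-Item -LiteralPath $src -Destination $backup -Recurse -Force -ErrorAction Stop
        }
    }
    if ($PSCmdlet.ShouldProcess($p.FullName, 'Delete roaming profile')) {
        Remove-Item -LiteralPath $p.FullName -Recurse -Force
    }
}
```

Running the script with `-WhatIf` lists the copies and deletions without performing them, and the account running it needs only read access to AD plus modify rights on the profile and home shares.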



  8. Hi,


    All of the extensions such as Client Tools, right click tools etc use the SUB:Name variable to target their actions. Unfortunately in our environment where we have multiple DNS zones this means that the tools will only work on machines on the same subnet/DNS zone as the administrator.


    I would love to be able to roll the client tools out to all our technical teams but because the SUB:Name isn't the same as the FQDN they do not work. In our environment the FQDN is required for any device which is not on the same subnet as yourself.


    I know that the FQDN is stored in SCCM under Resource Names[0] but you cannot use arrays to target the extensions so I am not simply able to use SUB:Resource Names[0] in its place. Adding all the DNS suffixes to ip config is not an option.


    Any ideas!?



  9. Hi,


    We have hundreds of applications currently rolled out via GPO objects. I am going to begin the task of migrating all of these to SCCM, with the end goal of having little or no software deployed by GPO software installation options.


    I've been trying to find some best practice on this, the thing I need to understand is how to time it so that software is removed by the existing GPO before being applied by SCCM but with minimum disruption to users. I don't know if it is smart enough to realise that the application is already installed and not try to install it again when it is already present thanks to GPO or conversely if I deploy again with SCCM then remove the GPO object will that cause an uninstall?


    Thanks for any advice
