Jump to content


Established Members
  • Posts

  • Joined

  • Last visited

Everything posted by nhottinger

  1. We are currently running CM 2111 (HF KB12896009) on Server 2012 r2 and need to setup a new server. We are running out of disk space and it can't be increased. Is there a guide I can follow to bring up a new box and migrate everything to the new server as easily as possible?
  2. I do have a lot, but most of them are fron the Endpoint Protection Updates that get created multiple times a day. Should I just go through and remove all the stale update groups or is there a preferred method? ** Update ** That seemed to do the trick. I got rid of a lot of SUG's and I can now see the current update groups I created. This is a huge relief. Are they any other maintenance tips I should be following from a manual standpoint, not something that is already automated in SCCM?
  3. Only warning under component status is the SMS_ISVUPDATES_SYNCAGENT and has 3 events related to some fujitsu drivers, dell drivers, and adobe updates (all third party catalogs I'm working on recently). Everything is Green and OK
  4. Nothing beyond April 2021 shows up in the list (other than my Endpoint ADR). Searching for May 2021, or June 2021 which is what I call all of my SUGs brings no returns. April shows up just fine, nothing after that.
  5. I've posted other places online and searched for someone else with the problem and I'm coming up empty. Here's the deal, I'm pretty sure it started right after I upgraded to 2010 (now on 2103). When I create a software update group with updates in it, the software update group is no longer visible for me under the Software Update Group area. I'll add a picture and explain a bit more. Here's my normal process that used to work. I would select the updates I wanted to roll out to a test group. Download and Deploy them which would automatically create the software upgrade group that I named. Once the testing was complete and verified working, I would go to the Software Update Groups area and find the group I just deployed to the test devices and deploy it again to the entire org. Now after the 2010 upgrade, I no longer see any of the software update groups I've created. In the image, you will see that there are no groups showing after the 5/20/21 date (with the exception of the 21H1 group and I'm honestly not sure how I got that one to show up.
  6. I setup a configuration item and baseline to remove an icon on the Public desktop but it's not working. Here's my setup: SCCM Current Branch 1910 Configuration Item - Settings - looks for C:\Users\Public\Desktop - shortcutname.lnk. Compliance rules must not exist on client devices. Configuration Baseline - I added the configuration item to the evaluation conditions and deployed to group as usual. Even setting the evaluation time to 1 minute, it has not removed the icon after 2 days. What did I do wrong?
  7. I used WinDirStat and show that the WinSxS folder is eating 8.5Gb, but can't get rid of those. The largest space SQL related is the Update Cache, but only 1.5gb
  8. We are running 1902 with the Hotfix rollup. Server 2012 R2, 32GB RAM. OS is installed on C:\ (102GB), SQL DB installed on E:\ (199GB), and SCCM is installed on F:\ (1.70 TB). My C:\ drive is completely full, ie 0 bytes free. What can I do to free up some of this space so I can actually use the Admin console again? I've tried to go through and clean up things but there isn't much else I can do (that I know of). Is my C:\ drive just not big enough or will it just fill up more if we add space? Any help would be appreciated.
  9. I just updated our Windows 10 image with the newest 1903 version. Previously in my 1803 image, I used a cmd to turn off User Account Control during the task sequence using the following: cmd.exe /c reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t REG_DWORD /d 0 /f That had been working just fine. I took the exact same OS Task Sequence and just changed the OS image package and now every user, including administrators, are prompted when an .exe runs. (specifically whoami) which puts username, IP, ect on the desktop which makes supporting these devices much easier. Running other .exe's don't bring up this prompt from what I can tell so far. I verified UAC is actually set to not notify. Why does this app bring up the notification every time?
  10. That definitely helps! I was racking my brain trying to figure out why it didn't show up.
  11. I'm noticing that on some of my devices, the SCEP icon does not show in the taskbar to be able to run manual scans. Is this normal? Even thought the software shows in Programs and Features, it's not in the taskbar. I guess maybe I'm a bit confused. I've setup SCCM with all the antimalware policies and other settings. Do I even need to install the SCEP client on Windows 10 machines? All I have on them is Windows Security, did that take the place of Windows defender?
  12. We are getting ready to get rid of our AV solution and are looking to use SCCM Endpoint Protection instead. Is this enough? Are we still going to be protected as we were with a full blown AV? We are fully Windows 10 going forward. Is there a document that will walk me through setting this all up? Is there a way to setup email alerts when a virus / malware / other security alert is found? Anything else we need to know before starting?
  13. We have about 3000 pc's this would be used for management. Would that fall under the "large number"?
  14. Been looking for some recommendations but can't find any. Can MBAM be installed directly on the SCCM server or do they need to be separated on different hardware?
  15. Thank you for the information. I have set this up for a few test pc's before we roll it out to the org.
  16. Currently running CM1806 and looking into Endpoint Protection as a replacement for our current AV. I have the role installed and tested it to 1 pc and it all seems great, but I don't know where to go from here? Is there some kind of setup guide I can follow with best practices included? I have a lot of questions before I even begin really testing this? What OS's is this compatible with? Will it work on Server OS's (2008, 2012, 2016)? Just looking for some guidance on what my next steps should be.
  17. We just upgraded SCCM to 1806 including the hotfix. Everything seemed to be ok. I updated the ADK as well so I could install the new version of Windows 10. I'm currently having trouble with that as well, but that's a different post. Any idea why my windows 7 images fail at the driver package now that I upgraded SCCM? Nothing else has changed. Logs don't show anything of use that I can find. ** Update ** For all my windows 7 driver packages, I had to check "Install driver package via running DISM with recurse option". Wish that was in some kind of documentation I had read ahead of time.
  18. We just downloaded Win 10 1809 and started to attempt to roll it out (testing) but every time the task sequence fails with unknown errors (0x80004005) at the Apply Operating System Step. I did some searching and it sounded like the version of SCCM we were on was not compatible so yesterday I upgraded to Config Mgr 1806 and also the 1806 hotfix. Thought that would resolve the issue but it doesn't. I copied the original task sequence for 1803 that was working and replaced the OS thinking that would be the easiest way to do it. Any ideas what might we wrong with the 1809 version? *Edit, my Network Admin downloaded the ARM version which will not work on our pc's. Now that 1809 is paused, I'm not going to worry about it anymore. Until the next version...
  19. Solved: This has to do with Windows 10 and Imprivata. 1.) Run Regedit on the Windows 10 Endpoint. 2.) Navigate to [HKLM]\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers 3.) Rename “Wrapper for Automatic Redeployment Credential Provider” with the following GUID {11660363-49E2-4F87-AB2E-FD210019AE88} by adding an "_" at the front so the string should look like this: _{11660363-49E2-4F87-AB2E-FD210019AE88}
  20. We have an issue where some of our users are accidentally reloading windows without realizing it. Yeah, if they would read the words on the screen they would realize, but lets be real, our users don't do that. Here is the scenario. We are using Imprivata for SSO and strong auth in our healthcare facility. At the Imiprivata login box, the user is able to press "Esc" and bypass the Imprivata login box. When doing that, they are then able to click on "Other user" in the lower left hand corner of Win 10. If they select Other user, they are prompted with the attached image which will literally wipe their computer if they have admin privs. Some users do for specific reasons, most do not. We have had a few cases of this already. Is there a way to remove this option or get rid of the "Other user" sign in option?
  • Create New...