gavin1973
-
Posts
33 -
Joined
-
Last visited
Everything posted by gavin1973
-
application management Mandatory Profiles in Windows 10 1909
gavin1973 posted a question in Windows 10
I have a requirement that I need use a mandatory profile under Windows 1909, however, when I introduce the profile the user account is not able to use quite a few of the built-in apps like Calculator, Paint etc. The user account is domain user but have tried this on a local installation which is also the same. Under Windows 7 I used domain guest but under Windows 10 domain guest like mandatory profile unable to use some of the built-in apps. I could get round having to use this type of profile if I could clean up and remove the users data up on log off. The environment is for a public environment where members of the public are logging onto the machine but I cannot use a kiosk type mode. I have logged calls with Microsoft but they have not been able to resolve the issue and finally dependant on what you read basically says Microsoft do not support the use of domain guest or mandatory profiles. Any thoughts on this or possible way around the problem? -
Hi Roshan, The first thing you want to download is Dell CCTK or now known as Command Configure as this is the programme you use to manipulate the BIOS on Dell computers. The easy part in some respects in some respects is SCCM because once you have your command lines by using CCTK or Command Centre these can be added to SCCM.
-
Windows 10 1709 Upgrade
gavin1973 replied to Selby's topic in System Center Configuration Manager (Current Branch)
Hi, How are you doing the in-place upgrade? Are you selecting the feature update from the Windows 10 servicing window? -
I am not sure what you mean by an hard block is this a failure in the task sequence? And a rebuild of that device using your task sequence is working just not the in-place upgrade? Personally speaking I would now use the Windows 10 Servicing/Updates to go from Windows 10 1607. I have yet to deploy 1709 but I have deployed 1703 in-place upgrade to a few test machines using the above method and have not come across any problems. It may be worth trying this method to see if this works for you.
-
Hello, You have not mentioned if your building into a workgroup or domain? What O/S was you last building that activated correctly?
-
I am assuming that you have your MBAM environment set up? In a nutshell create a standard task sequence with BitLocker - The steps are pretty much the same prepare BitLocker, Install the MBAM Client and then Enable Bitlocker . I can probably send you a task sequence with these steps if your require.
-
Not sure on best practice but in my environment I have ADR's for Patch Tuesday that pull down the updates then these get deployed to pilot machines (testing) and then two weeks later for instance deployed to live machines. I guess it is down to what works in your own environment and from I have learnt what is right for one is not right for another.
-
I had exactly same issue trying to get applications to install in a workgroup scenario and I was scratching my head trying to work out what was the problem considering packages installed correctly. What I did to solve my problem was to used the following ' SMSCACHESIZE=15360 SMSMP=MP FQDN ' I see from the above that you have already tried but as soon as I told the client which MP to connect to it all appeared to work.
-
I have had same problem with driver selection based on some Lenovo laptops which tends to be down to a difference in name using wmic. I tend to used to use model selection for drivers and an auto drivers limited to 'windows 10' driver packs for instance to pick up any problematic devices.
-
Kesh, have you managed to resolve your issue?
-
Hello, is your problem resolved or you still having issues?
-
1709 Removing People AppxPackage
gavin1973 replied to ogeccut's topic in System Center Configuration Manager (Current Branch)
I use a powershell script to remove built in apps from the wim file. I have used successfully on all the Window 10 version including 1709. The script can downloaded from https://gallery.technet.microsoft.com/Removing-Built-in-apps-65dc387b#content -
Hello, Not sure if you still experiencing issues but I have been in this situation with 'Applications' but Update Content is the best method however with applications there is a revision history and this sometimes causes issues. What I tend to do in this situation is make sure I update content and then delete the old revision history.
-
Hello, The difference between MDT task sequence and non-MDT one is basically the latter does not use MDT functionality. In my experience both practically give the same results but an MDT one gives you more customisation I believe but I am not an expert when comes to differences to be honest. You could just remove stuff that you do not want to use or at least disable and test the build still works before removal. With windows 10 I have not built a reference image like I did for Windows 7 but basically used a build task sequence and then installed applications as part of that task sequence. I always use a .wim and in the case of Windows 10 I discovered a PowerShell script to remove the built-in .apx (programs) I did not want to use. Other customisations included setting the default programs using a custom XML and other changes that can be made is to the start layout but to be honest there was not a requirement for me to go that granular. This is the link to download the PowerShell script to remove Win10 apps and I have used from 1507 to current 1709 without problems. https://gallery.technet.microsoft.com/Removing-Built-in-apps-65dc387b
-
Personally I would copy the install.wim from the iso and use that instead of the source package I use the above method in all my build scenarios including 1709 selecting the required index i.e. enterprise.
-
I went through the same scenario in my environment when we upgraded SCCM and in doing so we changed the site code. In order to manage those machines we used a script to change the hardcoded site code to auto which then allows the machine reassign to the new site server. A snippet of the important part of the script: ''''Set Site Discovery to Auto Set objWMIService2 = GetObject("winmgmts://" & strComputer & "/root/ccm") Set objSMSClient = objWMIService2.ExecQuery ("Select * from SMS_Client") For Each objClient in objSMSClient objClient.EnableAutoAssignment = 1 objClient.Put_ 0 Next The key to was the 'EnableAutoAssignment' On a side note in the configuration manager client are you able to manually connect to your new site code? It may also be worth you checking the location log on the client machine to make sure there are no errors springing up in there.
-
Software collections security
gavin1973 replied to A.Kassem's topic in System Center Configuration Manager (Current Branch)
Under Administration - Security you have the ability to assign roles and security scopes. In my own environment I have our service desk staff assigned the role of 'Read-only Analyst' but you can also take this further by copying a role and modifying it to suit what ever needs you require. Taking this one step further you create/assign security scopes effectively locking users down to only the collections that you want them to access. -
This is the registry entry I had to move a round which was blocking me building the devices successfully. Fix-SigninADFS - HKLM\SOFTWARE\Microsoft\PolicyManager\default\ApplicationManagement\RequirePrivateStoreOnly /v value /t REG_DWORD /d 1 /f
-
As requested this is where I install o365
-
Not an offline files solution per say but installing Windows 10 into my environment I had an issues with Windows saving to particular storage medium. The solution in my case was to use 'onedrive' as replacement for the documents area with a folder redirection group policy which created the necessary folder structure within OneDrive/Office365.
-
It may be worth disabling part of your task sequence if you have not already so you are only putting an O/S on to the machine which would allow to further narrow down the root cause of the problem. In my case a task sequence re-order eventually sorted the issue out for me.
-
Another take on this is the use of an 'Asset Tag' field in the bios. In my environment I have a .wsf script that has been saved on the 'deployment root' and s called as part of the unknown device task sequence which works in two ways: 1) The script reads the asset tag from bios and removes any white spaces then outputs this to a variable 'AssetTag' 2) The computer name is produced using task sequence variable OSDCOMPUTER = D%AssetTag% or L%AssetTag% dependant on Desktop or Laptop
-
Hi, I am not aware the ability to limit a task sequence but it is certainly possible use a collection based query to limit the deployment.
-
Surface Book OSD issues
gavin1973 replied to xerxes2985's topic in System Center Configuration Manager (Current Branch)
It very much sounds like nic drivers needed in the boot image which has caused me headaches over the years and have you added the driver pack into SCCM task sequence? in past experience boot image has been fine but not having the correct drivers in the task sequence let me down. -
Hi, Can you possible provide a screen shot of your task sequence? I have o365 working in a task sequence with other applications. Do you see any thing in deployment logs to indicate the issue.
