Jump to content


tale

Established Members
  • Posts

    13
  • Joined

  • Last visited

Everything posted by tale

  1. It sounds like the same issue I had found a few months ago. My USMT config was set to migrate="yes" for computer certs and keys. I didn't want to turn that off in case there was anything else that did need to be backed up. I don't know much about certificates so I decided to run a PowerShell script right after the USMT Restore process: # Cleanup after a USMT Restore [DateTime]$Date = (Get-Date -Format 'yyyy-MM-dd') # Find any outdated Client Authentication certificates $CompName = ($env:ComputerName).ToUpper() $Certs = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {$_.Subject.ToUpper() -like "*$CompName*" -And $_.EnhancedKeyUsageList -like "*Client Authentication*" -And $_.FriendlyName -eq ""} | Sort-Object NotBefore -Descending ForEach ($Cert in $Certs) { If ($Cert.NotBefore -lt $Date) { # Removing Old Certificate" Remove-Item -Path Cert:\LocalMachine\My\$($Cert.PSChildName) -Force } } It searches for client certificates with a subject matching the computer's name and with an older initial date.
  2. I normally use Get-AppxProvisionedPackage -Online | Where-Object {$_.PackageName -like "Microsoft.People*"} | Remove-AppxProvisionedPackage -Online Get-AppxPackage -AllUsers | Where-Object {$_.PackageFullName -like "Microsoft.People*"} | Remove-AppxPackage with no issue.
  3. Yes to disable it by default, the registry is: REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People" /v PeopleBand /t REG_DWORD /d 0 /f I also added the other 2 to make sure notifications stay off if someone accidentally re-enables the icon on the taskbar REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People\ShoulderTap" /v ShoulderTap /t REG_DWORD /d 0 /f REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People\ShoulderTap" /v ShoulderTapAudio /t REG_DWORD /d 0 /f As long as it's hidden it doesn't really seem to do anything. And if you remove the Microsoft.People app, it's even more useless as it won't be able to actually connect to anything.
  4. There are 2 appx packages for 'People': Microsoft.People is the actual 'People' app in the start menu that can be removed Microsoft.Windows.PeopleExperienceHost probably can't be removed since it's embedded in to the OS (in the taskbar/settings).
  5. You should be able to add a RunSynchronousCommand to the unattend: cmd /c reg add HKLM\Software\Microsoft\Windows\CurrentVersion\OOBE /v DisableVoice /t REG_DWORD /d 1 /f That is supposed to disable Cortana during setup.
  6. That'd be a simple way to do it if you're able to and doesn't affect anything else. Just block 'SCClient.exe' for a targeted group I'd assume.
  7. My Adobe CC bundle is 19 GB. I haven't had issues with cache size for it, but I do deploy an AutoCAD suite that is 30 GB+ in size that I have worried about. For it, I point 'Content location' to a separate folder in my source folder (contains just a .txt file with the name of the software) and 'Installation program' I have the full server path to a batch file that starts the installation. Then the installation only downloads an empty folder in to ccmcache and runs the installation over the network. I don't have that many computers installing it, especially not all at the same time, so that method has worked out for me in specific cases.
  8. The only option for that I believe would be to completely disable 'user policy' on the server clients. You can make a custom Client Settings. Select Client Policy, change "Enable user policy on clients" to No, and deploy it to a collection. Those devices in the specified collection would then always skip processing any 'User Policy Retrieval & Evaluation'.
  9. Well the best way to do this would be to have separate 'Device Collections' for Servers & Computers and only deploy the specific software to the Computers collection.
  10. By doing that "Format and Partition Disk" after everything, it's saying to delete the whole disk again and create just a single 5GB partition. A solution would be to have a script to automate DiskPart. You'd have a batch script "DiskPart.bat" @ECHO OFF diskpart /s "%~dp0Diskpart5GB.txt" And then the actual disk part layout would be a file named "Diskpart5GB.txt" SELECT VOLUME D ASSIGN LETTER=E SELECT DISK 0 SELECT PARTITION 4 SHRINK DESIRED=5120 CREATE PARTITION PRIMARY FORMAT FS=NTFS LABEL="APPS" QUICK ASSIGN LETTER=D EXIT The first 2 lines would be to change an attached DVD-ROM Drive to the letter E so D would then be free to use for the partition. If the computers do not have any DVD-Roms that can just be removed The partition number on line 4 could differ depending on how the partition layout is setup but that should be it.
  11. I'm doing a quick build and capture with Windows 10 Build 14393 (1607) in which I have a script that removes some of the default installed apps. It's being done with System Center. In regards to the Contact app, it's now able to be uninstalled as a package. $Packages = (Get-WindowsPackage -Online).PackageName ForEach ($Package in $Packages) { If ($Package -like "*ContactSupport*") { Remove-WindowsPackage -Online -PackageName "$Package" -NoRestart } } It is removed with no issues, won't appear in the start menu for any users, but Sysprep will fail because of it. [setuperr.log] Failed to remove staged package Windows.ContactSupport_10.0.14393_......... Failed to remove apps for the current user: 0x80070002 When I log in to the VM after it fails, Windows.ContactSupport only appears if I run "Get-AppxPackage -AllUsers" where it says it's still staged {S-1-5-18 [s-1-5-18]: Staged} by NT AUTHORITY\SYSTEM If I even try to run powershell.exe as SYSTEM and now try Remove-AppxPackage it just fails like it used to and can't be resolved. Has anyone run in to this and able to fix it? Or should I just stop trying to remove "Contact Support" and leave it like the last Windows 10 OS builds had to be?
  12. Under the 'Advanced' tab on a task sequence, I've noticed the option "Disable this task sequence on computers where it is deployed." As I can't seem to find any details about that option other then the fact it exists, I'm curious as to how System Center detects this and then disables the task sequence for the device? Is there a way to clear it for a computer that is needing to be re-imaged after?
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.