smaunsell

  1. I have an application that requires a specific Windows Update to be installed before the application can be. Is there a way to check for this update before installing? Specifically, this is the Sophos Endpoint Protection from Sophos Central. Manually attempting to install without this update gives the message: The KB article says: Downloading the .msu file from the Microsoft Update Catalog fails the install saying "The update is not applicable to your computer" so it appears there are other updates that are needed before this one can be installed. SCCM will push out all the updates that are required. It just takes time. I'd like an installer in Software Centre that either installs the dependencies or doesn't display as available until the dependencies have been installed. Is this possible? If so, how?
  2. SUCCESS.....

     New task: Set Dynamic Variable
     IF Make equals "Microsoft Corporation" AND Model equals "Surface 3" THEN SET MyModel = "Surface 3"

     Update existing task: Format and Partition Disk (Surface)
     100% of remaining space on disk. NTFS file system.
     Options: Task Sequence Variable MyModel equals "Surface 3"

     Update existing task: Format and Partition Disk (Standard)
     100GB fixed size. NTFS file system.
     Options: Task Sequence Variable MyModel notequals "Surface 3"

     According to https://github.com/Microsoft/SCCMdocs/blob/master/sccm/osd/understand/task-sequence-steps.md but we're not on that version yet.

     It looks like I'm at a point where I can image a Surface using simply a Microsoft USB Ethernet Adapter
  3. I notice that task sequence variables have conditions 'exists, not exists, equals, not equals etc' whereas WMI queries can have eg 'like' and use '%'. It's not clear, that I can find, if task sequence variables can use '%' eg '%surface%' to cover all Surface models. I ran wmic csproduct get name from within Win10 and got Surface 3 so I added a task sequence variable of _SMSTSModel equals "Surface 3" and it failed. I also tried _SMSTSModel equals "%Surface%" and it failed. Also checked the BIOS and got the serial number and added a task sequence variable of _SMSTSSerialNumber equals "12345678" and it didn't like that either.
  4. On a side note.......is it possible to use the 'Format and Partition Disk' task and specify a model ie Surface to apply it to? The current task sequence has:

     2. Format and Partition Disk - BIOS
     This group/step will run if the following conditions are met:
       • Task Sequence Variable _SMSTSClientCache not exists
       • Task Sequence Variable _SMSTSMediaType not equals "OEMMedia"
       • Task Sequence Variable _OSDMigrateUseHardlinks not equals "TRUE"
       • Task Sequence Variable _SMSTSBootUEFI not equals "TRUE"
     Partitions:
       • Primary 350MB fixed
       • Primary 100% of remaining space on disk

     3. Format and Partition Disk - UEFI
     This group/step will run if the following conditions are met:
       • Task Sequence Variable _SMSTSClientCache not exists
       • Task Sequence Variable _SMSTSMediaType not equals "OEMMedia"
       • Task Sequence Variable _OSDMigrateUseHardlinks not equals "TRUE"
       • Task Sequence Variable _SMSTSBootUEFI equals "TRUE"
     Partitions:
       • Recovery 300MB fixed
       • EFI 500MB fixed
       • MSR 128MB fixed
       • Primary 100GB fixed

     The Surface is UEFI but has only 64GB so it fails trying to add a 100GB partition. I'd like to have one task to add this 100GB on desktops but another task that uses 100% only on Surfaces. I can't find any task sequence variable that could be used to check the model (and WMI queries can't be used in WinPE). Can this be done?
  5. It's taken a while pulling them out & putting them back in one by one but I can confirm that to get the touchscreen working on a Surface 3 in WinPE it requires the following drivers be put in the boot image:
       • Surface TouchScreen Device
       • Intel Serial IO GPIO Controller
       • Intel Serial IO SPI Controller
  6. Progress........ I mentioned that I'd started with just the 'Surface TouchScreen Device' driver (you'd think the name would give away that it's what is needed!!) but that didn't work so I added any driver starting with "Surface" eg "Surface Accessory Device", one by one but it still didn't work. The link from keilamym mentioned that on an HP device it needs the "firmware and chipset" driver. There's nothing obviously listed as this for the Surface so I just added all 36 drivers and.....the touchscreen works. Now it'll be a process of removing them one by one to work out which one(s) are actually needed. Once I've worked it out I'll post the details.
  7. I'm not 100% sure as I didn't create it but I'd be pretty sure it's the Win10 1507 ADK. The version listed in SCCM is 10.0.10240.16384 which is 1507.
  8. Yes, my original post says that's how I've been able to image the Surface. But ideally I'd like to not have to do this. I'd like to plug in the USB NIC, boot and press 'next, next, next' on the touchscreen.
  9. I've downloaded the Surface 3 (not Pro) drivers and imported them into a Driver Package. I've edited a task sequence to add these drivers. I have configured the BIOS to boot from the official Microsoft USB NIC and have connected a USB hub with keyboard, mouse & NIC. I can successfully PXE boot and use the USB keyboard to start the process and it completes successfully. But......without the USB keyboard I'm unable to image the Surface. When booting from the NIC it provides an on-screen keyboard to start the PXE process and that works. Once it gets into WinPE and provides the SCCM screens I can't use the touchscreen to select anything and therefore can't image the Surface. I have edited the boot image and added the touchscreen drivers. I started with just the 'Surface Touchscreen Device (HIDClass)' but that didn't work so I began adding drivers one by one to find what was required. I ended up adding ALL the Surface drivers but it still wouldn't detect me touching the screen in WinPE. Has anyone successfully got this to work? If so, what was required?
  10. Soooooooo, it appears that GPOs for Offline Files are all but useless in Win10. Computer Policy can enable/disable and that's about it. The User Policy does nothing - the settings for sync only apply to old OSs. I've had to use a logon script to add the locations that need to be synced:

        # Get current username
        $username = [Environment]::UserName
        # Pin AppData
        $path = "\\mydomain.com\AppData\$username"
        $objWMI = [wmiclass]"\\.\root\cimv2:win32_offlinefilescache"
        $objWMI.Pin($path, 0x00001221, $true)
        # Pin MyDocuments
        $path = "\\mydomain.com\users\$username"
        $objWMI = [wmiclass]"\\.\root\cimv2:win32_offlinefilescache"
        $objWMI.Pin($path, 0x00001221, $true)

      The Computer Policy setting to 'Configure Background Sync' creates a scheduled task. Another scheduled task is created (how??) to sync on logon (delayed by 4mins). But that's about all that can be done.

      Work Folders are only able to sync users' documents. It can't be used to sync AppData or anything else. It's designed for syncing files that can then be accessed across different user devices (Android/iOS phones etc). So it appears that Microsoft have made Offline Files all but useless and have not provided any real replacement. And there appears to be little information about what's going on. I've searched everywhere and no one has any details. And I've posted a few places and no one has been able to provide any answers.

      There's a Registry setting to try and handle conflict resolution but it doesn't appear to work:

        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\NetCache\SyncConflictHandling
        REG_EXPAND_SZ
        \\mydomain.com\AppData\
        1

      Anyone have any idea to get conflict resolution working?
  11. smaunsell

    Offline Files

    Has anyone been able to configure this? Specifically via Group Policy. See full details of the issue at https://www.windows-noob.com/forums/topic/14390-windows-10-offline-files-gpo/
  12. After a LOT of Googling I finally came across this. Some call it a "bug", some call it a "feature". It has only just stopped working in build 1511. It appears that 'Offline Files' is not the way to go. It looks like the way forward is with 'Work Folders' so I'll need to do some reading on that.

      UPDATE: It doesn't look like this is the issue. The 'Continuous Availability' setting is on W2K12 but I've got W2K8R2. I've checked the shares anyway and the offline ability is enabled. The CA issue also says that offline files can't be enabled manually but I can do that - the issue is that I can't get it to enable automatically. The use of 'Work Folders' is quite different and would require some deep investigation and configuration. As 'Offline Files' works but only when enabled manually there appears to be a problem with the automatic configuration of this in Win10 (specifically I'm using 10586.494 - July 2016 update). Anyone come across this issue and got 'Offline Files' working? Or have any thoughts?

      UPDATE: Some more Googling found lots of references to failing to start the service eg this but the registry change still doesn't resolve the issue. I got the Win10Edu ISO and built a basic laptop and offline files worked. I added it to the domain and it worked. I applied the GPOs and it worked. So something in the SCCM WIM is causing the problem. The reports about the service failing to start mention the offline files must be disabled before capturing the image but I don't think this is the case as the registry entry should resolve it. I suspect something has been disabled/removed before the capture was taken and I'll need to follow up with who did that to find out more.

      UPDATE: So, building with a base ISO and building with a previous WIM both work so there's something in the latest WIM that is stopping Offline Files from working. But......despite these builds working as far as enabling Offline Files things like automatic sync don't work. In Sync Centre the sync partnership is created but a full sync is not done. And despite the GPO configured for sync during logon/logoff/suspend this is not done. A manual setup for a sync schedule is able to be done but the settings differ from what is possible in the GPO - the schedule has logon (but no logoff), idle timeout, lock and unlock. This sync schedule doesn't create anything in Task Scheduler so they can't be copied from there and distributed to other PCs. Speaking of Task Scheduler there are 2 entries in there (in Library/Microsoft/Windows/Offline Files) for background and logon but they're disabled. Has anyone been able to successfully configure Offline Files on Win10 via GPO????
  13. I'm trying to force offline files for laptops. I have 2x GPOs - one for computer and one for user. GPO settings are below. With this configured files are not automatically available offline. The users' folders are redirected via another GPO to \\domain.com\users\users\%username%\ and this is configured in the user GPO under 'Specify administratively assigned offline files'. When going to 'Sync Center' in Control Panel and clicking 'Manage Offline Files' it says 'Offline Files is currently disabled' and there is a button to 'Enable offline files'. Sure, if the user selects this then files are synced but they shouldn't have to do this - it should be automatic. What's missing to automate this for the users?
  14. Interestingly there's no such option for 'operating system drives'. The ability to turn off BitLocker is controlled by local administrative privileges.
  15. Scratch that.....found the GPO setting.

      Computer Configuration/Policies/Administrative Templates/Windows Components/BitLocker Drive Encryption/Removable Data Drives/Control use of BitLocker on removable drives/
      Allow users to suspend and decrypt BitLocker protection on removable data drives - untick

      It's a bit confusing because in Control Panel/Manage BitLocker it still shows the option to 'Turn off BitLocker' and when clicking it it still prompts if you want to do it and only then does it say that a GPO denies the ability. Removing the ability to access Control Panel/Manage BitLocker is probably the best idea to stop users from even seeing this. Users put a USB drive in, it prompts to put a password on (or leave it read only) and that's it. From then on the drive is encrypted and can only be temporarily unlocked by the user with the password and also by admin using the recovery key.