Posts posted by smaunsell

  1. I have an application that requires a specific Windows Update to be installed before the application can be. Is there a way to check for this update before installing?

    Specifically, this is the Sophos Endpoint Protection from Sophos Central. Manually attempting to install without this update gives the message:

    Quote

    Azure Code Signing is not supported. This version of Windows does not support Azure Code Signing. Update your computer before installation. See Sophos KB-000045019

    The KB article says:

    Quote

    Operating System support for Azure Code Signing was first made available in September 2021 and requires the appropriate Windows Security Updates to be installed.  Full details on required updates can be found in Microsoft’s official KB5022661 on this topic. 

    Downloading the .msu file from the Microsoft Update Catalog fails the install saying "The update is not applicable to your computer" so it appears there are other updates that are needed before this one can be installed.

    SCCM will push out all the updates that are required. It just takes time. I'd like an installer in Software Centre that either installs the dependencies or doesn't display as available until the dependencies have been installed. Is this possible? If so, how?
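Added example, not from smaunsell's post or from Sophos: a PowerShell script that can be attached to the Sophos application in Configuration Manager as a custom-script Requirement rule (data type String, value returned equals "Compliant"), or used as the Detection method of a prerequisite application whose install command is `wusa.exe <file>.msu /quiet /norestart`; with either wiring Software Center hides the deployment until the prerequisite is present. Because cumulative updates supersede one another, checking for a single KB with Get-HotFix reports "missing" as soon as a newer monthly update is installed; comparing the OS build and UBR against the first build that shipped the support is stable. The build/UBR thresholds below are placeholders (an assumption) to be filled from Microsoft's KB5022661 for each Windows version in the estate.

```powershell
# Added example: Configuration Manager requirement / detection script for
# "Azure Code Signing support". Not part of the original post.
# The thresholds are PLACEHOLDERS (assumption): populate them from KB5022661.
# Keys are CurrentBuildNumber values, values are the minimum UBR (patch level).
$MinimumUbrByBuild = @{
    19041 = 0   # Windows 10 2004; placeholder UBR
    19042 = 0   # Windows 10 20H2; placeholder UBR
    19043 = 0   # Windows 10 21H1; placeholder UBR
    19044 = 0   # Windows 10 21H2; placeholder UBR
    22000 = 0   # Windows 11 21H2; placeholder UBR
}

function Get-OSBuild {
    # CurrentBuildNumber is the major build; UBR is set by the latest cumulative update
    $cv = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    [pscustomobject]@{
        Build = [int]$cv.CurrentBuildNumber
        UBR   = [int]$cv.UBR
    }
}

function Test-AzureCodeSigningSupport {
    param([hashtable]$Thresholds = $MinimumUbrByBuild)
    $os = Get-OSBuild
    if (-not $Thresholds.ContainsKey($os.Build)) {
        # Unknown build: report unsupported so the deployment stays hidden rather than failing
        return $false
    }
    return ($os.UBR -ge $Thresholds[$os.Build])
}

# Output contract:
#  - Requirement rule (Custom script, String): the rule compares STDOUT with "Compliant".
#  - Detection method: any STDOUT plus exit code 0 means "installed", so nothing is
#    written when the update level is too low.
if (Test-AzureCodeSigningSupport) {
    Write-Output 'Compliant'
}
exit 0
```

The "not applicable" error from the standalone .msu is what the script is guarding against as well: the monthly update needs the servicing stack update of the same month, which the usual Configuration Manager software-update deployment installs in order.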

  2. SUCCESS.....

    New task:

    Set Dynamic Variable
    IF Make equals "Microsoft Corporation" AND Model equals "Surface 3" THEN
       SET MyModel = "Surface 3"

    Update existing task:

    Format and Partition Disk (Surface)
    100% of remaining space on disk. NTFS file system.
    Options:
        Task Sequence Variable MyModel equals "Surface 3"

    Update existing task:

    Format and Partition Disk (Standard)
    100GB fixed size. NTFS file system.
    Options:
        Task Sequence Variable MyModel notequals "Surface 3"

    According to https://github.com/Microsoft/SCCMdocs/blob/master/sccm/osd/understand/task-sequence-steps.md

    Quote

    Starting in Configuration Manager version 1610, you can specify an asterisk (*) and question mark (?) as wild cards, where * matches multiple characters and ? matches a single character. For example, the string "DELL*900?" will match DELL-ABC-9001 and DELL9009.

    but we're not on that version yet.

    It looks like I'm at a point where I can image a Surface using simply a Microsoft USB Ethernet Adapter :)

  3. On 1/04/2017 at 4:25 AM, keilamym said:

    how about  _SMSTSModel. 

    I notice that task sequence variables have conditions 'exists, not exists, equals, not equals etc' whereas WMI queries can have e.g. 'like' and use '%'. It's not clear, that I can find, if task sequence variables can use '%' e.g. '%surface%' to cover all Surface models.

    I ran wmic csproduct get name from within Win10 and got Surface 3 so I added a task sequence variable of _SMSTSModel equals "Surface 3" and it failed. I also tried _SMSTSModel equals "%Surface%" and it failed.

    Also checked the BIOS and got the serial number and added a task sequence variable of _SMSTSSerialNumber equals "12345678" and it didn't like that either.

  4. On a side note.......is it possible to use the 'Format and Partition Disk' task and specify a model ie Surface to apply it to?

    The current task sequence has:

    2. Format and Partition Disk - BIOS
    This group/step will run if the following conditions are met:
    Task Sequence Variable   _SMSTSClientCache not exists
    Task Sequence Variable   _SMSTSMediaType not equals "OEMMedia"
    Task Sequence Variable   _OSDMigrateUseHardlinks not equals "TRUE"
    Task Sequence Variable   _SMSTSBootUEFI not equals "TRUE"
    Primary 350MB fixed
    Primary 100% of remaining space on disk
    
    3. Format and Partition Disk - UEFI
    This group/step will run if the following conditions are met:
    Task Sequence Variable   _SMSTSClientCache not exists
    Task Sequence Variable   _SMSTSMediaType not equals "OEMMedia"
    Task Sequence Variable   _OSDMigrateUseHardlinks not equals "TRUE"
    Task Sequence Variable   _SMSTSBootUEFI equals "TRUE"
    Recovery 300MB fixed
    EFI 500MB fixed
    MSR 128MB fixed
    Primary 100GB fixed

    The Surface is UEFI but has only 64GB so it fails trying to add a 100GB partition.

    I'd like to have one task to add this 100GB on desktops but another task that uses 100% only on Surfaces. I can't find any task sequence variable that could be used to check the model (and WMI queries can't be used in WinPE).

    Can this be done?
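Added example, not from smaunsell's posts, serving both this question and the "SUCCESS" post above that conditions the two Format and Partition Disk steps on a MyModel variable set by Set Dynamic Variable. The same thing can be done in a "Run PowerShell Script" step placed before the partition steps; the script records make, model and the size of the target disk as task-sequence variables, so a wildcard match on any Surface model works without the version 1610 wildcard syntax, and the partition choice can follow the actual disk size rather than the model name. Assumptions: the boot image includes the WinPE-WMI and WinPE-PowerShell optional components, disk index 0 is the OS disk, and the variable names IsSurface, OSDiskGB and OSPartition are mine.

```powershell
# Added example: "Run PowerShell Script" step that publishes hardware facts as
# task-sequence variables for later step conditions. Not from the original posts.
# Assumes WinPE-WMI and WinPE-PowerShell are in the boot image and disk 0 is the OS disk.

function Resolve-DeviceClass {
    param([string]$Make, [string]$Model)
    # Wildcard match covers Surface 3, Surface Pro 4, ... without a per-model rule
    if ($Make -eq 'Microsoft Corporation' -and $Model -like 'Surface*') { return 'Surface' }
    return 'Standard'
}

function Resolve-OSPartitionSize {
    param([int]$DiskGB, [int]$FixedGB = 100)
    # A fixed 100 GB OS partition only fits when the disk is at least that big;
    # on a 64 GB Surface the step must use 100% of remaining space instead
    if ($DiskGB -ge $FixedGB) { return 'Fixed' }
    return 'Remaining'
}

$cs     = Get-WmiObject -Class Win32_ComputerSystem            # Manufacturer / Model, as Set Dynamic Variable uses
$disk   = Get-WmiObject -Class Win32_DiskDrive -Filter 'Index = 0'
$diskGB = [int][math]::Floor($disk.Size / 1GB)

$tsenv = New-Object -ComObject Microsoft.SMS.TSEnvironment       # only available while a task sequence is running
$tsenv.Value('MyMake')      = $cs.Manufacturer
$tsenv.Value('MyModel')     = $cs.Model
$tsenv.Value('IsSurface')   = if ((Resolve-DeviceClass -Make $cs.Manufacturer -Model $cs.Model) -eq 'Surface') { 'TRUE' } else { 'FALSE' }
$tsenv.Value('OSDiskGB')    = "$diskGB"
$tsenv.Value('OSPartition') = Resolve-OSPartitionSize -DiskGB $diskGB
```

The partition steps then carry the conditions "Task Sequence Variable OSPartition equals Remaining" (100% of remaining space) and "Task Sequence Variable OSPartition equals Fixed" (100GB fixed), keeping the existing _SMSTSBootUEFI conditions; IsSurface equals TRUE remains available for the driver-package step.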

  5. Progress........

    I mentioned that I'd started with just the 'Surface TouchScreen Device' driver (you'd think the name would give away that it's what is needed!!) but that didn't work so I added any driver starting with "Surface" e.g. 'Surface Accessory Device', one by one but it still didn't work.

    The link from keilamym mentioned that on an HP device it needs the "firmware and chipset" driver. There's nothing obviously listed as this for the Surface so I just added all 36 drivers and.....the touchscreen works. Now it'll be a process of removing them one by one to work out which one(s) are actually needed. Once I've worked it out I'll post the details.

  6. 5 hours ago, keilamym said:

    here when we image the Surface Pro, we just use a USB hub with an external mouse and keyboard. did you try that?

     

    Yes, my original post says that's how I've been able to image the Surface. But ideally I'd like to not have to do this. I'd like to plug in the USB NIC, boot and press 'next, next, next' on the touchscreen.

  7. I've downloaded the Surface 3 (not Pro) drivers and imported them into a Driver Package. I've edited a task sequence to add these drivers. I have configured the BIOS to boot from the official Microsoft USB NIC and have connected a USB hub with keyboard, mouse & NIC. I can successfully PXE boot and use the USB keyboard to start the process and it completes successfully. But......without the USB keyboard I'm unable to image the Surface.

    When booting from the NIC it provides an on-screen keyboard to start the PXE process and that works. Once it gets into WinPE and provides the SCCM screens I can't use the touchscreen to select anything and therefore can't image the Surface.

    I have edited the boot image and added the touchscreen drivers. I started with just the 'Surface Touchscreen Device (HIDClass)' but that didn't work so I began adding drivers one by one to find what was required. I ended up adding ALL the Surface drivers but it still wouldn't detect me touching the screen in WinPE.

    Has anyone successfully got this to work? If so, what was required?

  8. Soooooooo, it appears that GPOs for Offline Files are all but useless in Win10. Computer Policy can enable/disable and that's about it. The User Policy does nothing - the settings for sync only apply to old OSs.

     

    I've had to use a logon script to add the locations that need to be synced:

    # Get the current username
    $username = [Environment]::UserName
    # Win32_OfflineFilesCache exposes Pin(paths, flags, deep); the class path must be quoted
    $cache = [wmiclass]"\\.\root\cimv2:Win32_OfflineFilesCache"
    # Pin AppData (flags value as in the original script; deep = $true pins the whole tree)
    $path = "\\mydomain.com\AppData\$username"
    $cache.Pin(@($path), 0x00001221, $true)
    # Pin MyDocuments
    $path = "\\mydomain.com\users\$username"
    $cache.Pin(@($path), 0x00001221, $true)

    The Computer Policy setting to 'Configure Background Sync' creates a scheduled task. Another scheduled task is created (how??) to sync on logon (delayed by 4mins). But that's about all that can be done.

    Work Folders are only able to sync users' documents. It can't be used to sync AppData or anything else. It's designed for syncing files that can then be accessed across different user devices (Android/iOS phones etc). So it appears that Microsoft have made Offline Files all but useless and have not provided any real replacement. And there appears to be little information about what's going on. I've searched everywhere and no one has any details. And I've posted a few places and no one has been able to provide any answers.

     

    There's a Registry setting to try and handle conflict resolution but it doesn't appear to work:

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\NetCache\SyncConflictHandling
    REG_EXPAND_SZ
    \\mydomain.com\AppData\
    1

    Anyone have any idea to get conflict resolution working?

  9. After a LOT of Googling I finally came across this. Some call it a "bug", some call it a "feature". It has only just stopped working in build 1511.

     

    It appears that 'Offline Files' is not the way to go. It looks like the way forward is with 'Work Folders' so I'll need to do some reading on that.

     

    UPDATE: It doesn't look like this is the issue. The 'Continuous Availability' setting is on W2K12 but I've got W2K8R2. I've checked the shares anyway and the offline ability is enabled. The CA issue also says that offline files can't be enabled manually but I can do that - the issue is that I can't get it to enable automatically. The use of 'Work Folders' is quite different and would require some deep investigation and configuration.

     

    As 'Offline Files' works but only when enabled manually there appears to be a problem with the automatic configuration of this in Win10 (specifically I'm using 10586.494 - July 2016 update).

     

    Anyone come across this issue and got 'Offline Files' working? Or have any thoughts?

     

    UPDATE: Some more Googling found lots of references to failing to start the service eg this but the registry change still doesn't resolve the issue.

     

    I got the Win10Edu ISO and built a basic laptop and offline files worked. I added it to the domain and it worked. I applied the GPOs and it worked. So something in the SCCM WIM is causing the problem. The reports about the service failing to start mention the offline files must be disabled before capturing the image but I don't think this is the case as the registry entry should resolve it. I suspect something has been disabled/removed before the capture was taken and I'll need to follow up with who did that to find out more.

     

    UPDATE: So, building with a base ISO and building with a previous WIM both work so there's something in the latest WIM that is stopping Offline Files from working. But......despite these builds working as far as enabling Offline Files, things like automatic sync don't work. In Sync Centre the sync partnership is created but a full sync is not done. And despite the GPO configured for sync during logon/logoff/suspend this is not done. A manual setup for a sync schedule is able to be done but the settings differ from what is possible in the GPO - the schedule has logon (but no logoff), idle timeout, lock and unlock. This sync schedule doesn't create anything in Task Scheduler so they can't be copied from there and distributed to other PCs. Speaking of Task Scheduler there are 2 entries in there (in Library/Microsoft/Windows/Offline Files) for background and logon but they're disabled.

     

    Has anyone been able to successfully configure Offline Files on Win10 via GPO????

  10. I'm trying to force offline files for laptops. I have 2x GPOs - one for computer and one for user.

     

    GPO settings are below. With this configured files are not automatically available offline. The users' folders are redirected via another GPO to \\domain.com\users\users\%username%\ and this is configured in the user GPO under 'Specify administratively assigned offline files'.

     

    When going to 'Sync Center' in Control Panel and clicking 'Manage Offline Files' it says 'Offline Files is currently disabled' and there is a button to 'Enable offline files'. Sure, if the user selects this then files are synced but they shouldn't have to do this - it should be automatic.

     

    What's missing to automate this for the users?

     

    Attachments: gpo_settings01.png, gpo_settings02.png, gpo_settings03.png

  11. Scratch that.....found the GPO setting.

     

    Computer Configuration/Policies/Administrative Templates/Windows Components/BitLocker Drive Encryption/Removable Data Drives/Control use of BitLocker on removable drives/

     

    Allow users to suspend and decrypt BitLocker protection on removable data drives - untick

     

    It's a bit confusing because in Control Panel/Manage BitLocker it still shows the option to 'Turn off BitLocker' and when clicking it it still prompts if you want to do it and only then does it say that a GPO denies the ability.

     

    Removing the ability to access Control Panel/Manage BitLocker is probably the best idea to stop users from even seeing this. Users put a USB drive in, it prompts to put a password on (or leave it read only) and that's it. From then on the drive is encrypted and can only be temporarily unlocked by the user with the password and also by admin using the recovery key.

  12. I'm enabling BitLocker on enterprise Dell laptops and that is working fine. I'm now testing BitLocker To Go and have spotted a permissions issue.

    It appears that users can control their own BitLocker To Go settings. It is possible, via Group Policy, to enforce passwords on USB drives and the user can then use this to unlock the drive. They can even change the password if required (the Recovery Key is still stored in AD using a GPO if they forget their password). But there is still the ability in 'Manage BitLocker' to turn off BitLocker To Go completely. This seems absurd! The idea of having BitLocker To Go on USB drives is to stop the theft of content if the drive is lost. Even if a password is on the drive the user could just decide to just turn it off and if the drive is lost then the content is accessible.

    I can't find any GPO setting that would stop the ability for a user to turn this off. Nor can I find anything online about it. Surely I'm not the only one to have spotted this. Anyone thought about this and have a way to stop this?
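Added example, not from smaunsell's posts, covering this question and the "Scratch that" answer above it: a PowerShell audit that reads the removable-drive BitLocker policy from the FVE policy key and lists the encryption and protection state of every attached removable volume, so an admin can confirm the "suspend and decrypt" right has really been removed before relying on it. The value names are my reading of the BitLocker ADMX (an assumption to verify against your own ADMX): RDVConfigureBDE for "Control use of BitLocker on removable data drives", RDVAllowBDE for users being allowed to turn BitLocker on, RDVDisableBDE for the "Allow users to suspend and decrypt" box, and RDVDenyWriteAccess for "Deny write access to removable drives not protected by BitLocker".

```powershell
# Added example: audit BitLocker To Go policy and removable-volume state.
# Not from the original posts. FVE value names are an assumption; verify against the ADMX.

function Get-RemovableBitLockerPolicy {
    $p = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        PolicyConfigured         = [bool]$p.RDVConfigureBDE    # "Control use of BitLocker on removable data drives"
        UsersMayEnable           = [bool]$p.RDVAllowBDE        # users may turn BitLocker on
        UsersMaySuspendOrDecrypt = [bool]$p.RDVDisableBDE      # the box the post unticks
        DenyWriteToUnprotected   = [bool]$p.RDVDenyWriteAccess # unencrypted sticks become read-only
    }
}

function Get-RemovableVolumeStatus {
    # Removable volumes with a drive letter, joined with their BitLocker state
    Get-Volume | Where-Object { $_.DriveType -eq 'Removable' -and $_.DriveLetter } | ForEach-Object {
        $mount = "$($_.DriveLetter):"
        $bde = Get-BitLockerVolume -MountPoint $mount -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Drive            = $mount
            VolumeStatus     = $bde.VolumeStatus      # FullyEncrypted / FullyDecrypted / EncryptionInProgress ...
            ProtectionStatus = $bde.ProtectionStatus  # Off means not protected OR suspended: data readable in clear
            KeyProtectors    = ($bde.KeyProtector.KeyProtectorType -join ',')  # e.g. Password,RecoveryPassword
        }
    }
}

$policy = Get-RemovableBitLockerPolicy
$policy
if ($policy.UsersMaySuspendOrDecrypt) {
    Write-Warning 'Users can still suspend or decrypt BitLocker To Go: untick "Allow users to suspend and decrypt BitLocker protection on removable data drives".'
}
if (-not $policy.DenyWriteToUnprotected) {
    Write-Warning 'Unencrypted removable drives are still writable; data can leave on a stick that was never encrypted.'
}
Get-RemovableVolumeStatus | Format-Table -AutoSize
```

ProtectionStatus is the value to watch rather than VolumeStatus: a drive can be FullyEncrypted yet show protection Off after a user suspends it, which is exactly the state the GPO change is meant to prevent.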

  13. I'm new to SCCM and have been tasked with configuring a WiFi profile for new Win10 laptops.

    I've created a WiFi profile with the required settings, deployed it to a device collection and confirmed that the laptop receives the config. The SSID is added/saved - in 'Manage WiFi Settings' it is listed under 'Manage known networks' - but it doesn't connect to the network. Multiple restarts fail to resolve this - it never connects automatically.

    From either the logon screen or once logged on the user can click the SSID and it will connect and work perfectly. It just won't connect automatically. Once connected though it stays connected and the user doesn't have to do anything again.

    Network name: MySSID
    SSID: MySSID
    Connect automatically when this network is in range: Yes
    Look for other wireless networks while connected to this network: No
    Connect when the network is not broadcasting: Yes
    Security type: WPA2-Enterprise
    Encryption: AES
    EAP type: PEAP
    ____Verify the server's identity by validating the certificate: No
    ____Enable Fast Reconnect: Yes
    Trusted server certificate names: certsvr.mydomain.com
    Select root certificates for server validation: root & intermediate uploaded & selected
    Remember the user credentials at each logon: Yes
    Authentication mode: User or computer authentication
    Enable single sign-on for this network: Perform immediately before user log on
    Proxy settings: None
    Supported platforms: Windows 10


    Any idea why it won't automatically connect? Am I missing something or is it just not possible?
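Added example, not from smaunsell's post: a PowerShell check that exports the profile the laptop actually received with netsh and reads back the settings that govern auto-connection (connectionMode, nonBroadcast, 802.1X authMode, single sign-on type) together with the PEAP server-validation setting, so the XML on the device can be compared with what was entered in the console. The profile name "MySSID" and the export folder are assumptions; namespace-agnostic XPath is used because the 802.1X and EAP sections sit in several Microsoft XML namespaces. One caveat a reviewer would flag in the settings listed above: with "Verify the server's identity" set to No, a PEAP client will complete the inner MSCHAPv2 exchange with any access point that broadcasts the same SSID, so the user credential can be captured by a rogue AP.

```powershell
# Added example: read back a deployed Wi-Fi profile and report the auto-connect
# and server-validation settings. Not from the original post. Profile name and
# folder are assumptions.

function Get-WlanProfileSettings {
    param(
        [string]$Name   = 'MySSID',
        [string]$Folder = "$env:TEMP\wlan"
    )
    New-Item -ItemType Directory -Path $Folder -Force | Out-Null
    # Writes "<interface name>-<profile name>.xml"; no key=clear needed for 802.1X profiles
    netsh wlan export profile name="$Name" folder="$Folder" | Out-Null
    $file = Get-ChildItem -Path $Folder -Filter "*-$Name.xml" | Select-Object -First 1
    if (-not $file) { throw "Profile '$Name' is not present on this machine" }
    [xml]$xml = Get-Content -Path $file.FullName

    function Get-Text([string]$XPath) {
        # local-name() sidesteps the profile, OneX and EAP namespaces
        $n = $xml.SelectSingleNode($XPath)
        if ($n) { $n.InnerText.Trim() } else { $null }
    }

    [pscustomobject]@{
        ProfileFile             = $file.FullName
        ConnectionMode          = Get-Text "//*[local-name()='connectionMode']"              # 'auto' or 'manual'
        NonBroadcast            = Get-Text "//*[local-name()='nonBroadcast']"                # connect when SSID hidden
        Authentication          = Get-Text "//*[local-name()='authEncryption']/*[local-name()='authentication']"
        OneXAuthMode            = Get-Text "//*[local-name()='OneX']/*[local-name()='authMode']"  # machineOrUser / user / machine
        SingleSignOn            = Get-Text "//*[local-name()='singleSignOn']/*[local-name()='type']"  # preLogon / postLogon
        PerformServerValidation = Get-Text "//*[local-name()='PerformServerValidation']"     # 'false' = any server cert accepted
        ServerNames             = Get-Text "//*[local-name()='ServerValidation']/*[local-name()='ServerNames']"
    }
}

$s = Get-WlanProfileSettings
$s
if ($s.ConnectionMode -ne 'auto') {
    Write-Warning 'connectionMode is not auto: Windows will wait for a user click'
}
if ($s.PerformServerValidation -eq 'false') {
    Write-Warning 'PEAP server validation is disabled: a rogue AP with this SSID can harvest the user credential'
}
```

If the export shows connectionMode auto and the expected authMode, the profile itself is not the problem and the 802.1X log (Event Viewer, Microsoft-Windows-WLAN-AutoConfig/Operational) is the next place to look for the reason the pre-logon attempt is rejected.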
