[Configuration Items and Baslines]

Hi, has anyone had any luck and been able to setup a Configuration item and baselines to detect versions of Mimecast for Outlook? I tried to create Query based collections to only include older versions so that I can deploy the updated version to those clients, but I am having an issue with my collections. Is it possible to setup this via CIs?

[Remove Built in Apps from 20H2]

Any ideas?

[Remove Built in Apps from 20H2]

I use this : Windows 10 remove builtin apps script with multiple version support - CCMEXEC.COM - Enterprise Mobility

I created the 20H2 files and named them 19042 as well. Then created the package. None of these applications get removed though:

microsoft.windowscommunicationsapps
Microsoft.WindowsAlarms
Microsoft.SkypeApp
Microsoft.ZuneVideo
Microsoft.ZuneMusic
Microsoft.YourPhone
Microsoft.XboxApp
Microsoft.WindowsSoundRecorder
Microsoft.Wallet
Microsoft.People
Microsoft.OneConnect
Microsoft.Office.OneNote
Microsoft.MixedReality.Portal
Microsoft.MicrosoftStickyNotes
Microsoft.MicrosoftSolitaireCollection
Microsoft.MicrosoftOfficeHub
Microsoft.Microsoft3DViewer
Microsoft.Messaging
Microsoft.Getstarted
Microsoft.GetHelp
Microsoft.WindowsFeedbackHub               
Microsoft.WindowsMaps                      
Microsoft.BingWeather
Microsoft.XboxGameOverlay
Microsoft.XboxGamingOverlay
Microsoft.XboxIdentityProvider
Microsoft.XboxSpeechToTextOverlay
Microsoft.WindowsStore
Microsoft.StorePurchaseApp
Microsoft.XboxGameCallableUI

Task Sequence

 

Package location

[Remove Built in Apps from 20H2]

I've tried 2 scripts I found online but they didn't work. After the task sequence completed, the apps were still there. 

I'll post the links if which ones I used and a screenshot of my task sequence a bit later. 

[Remove Built in Apps from 20H2]

The ones like Candy Crush, Xbox, Mail, and any others catagorised as bloatware

[Remove Built in Apps from 20H2]

Bump

[Remove Built in Apps from 20H2]

Hi all. 

Is it possible to remove Built in Apps from 20H2 during TS?

[ADR not downloading updates]

13 hours ago, anyweb said:

which version of configmgr ?

2006. I had to run a new Sync. After that, all the new patches were downloaded. S

Strange problem, but glad the sync resolved the issues.

[ADR not downloading updates]

Has anybody experience this issue with patches not downloading. I am having this problem for October? My ADR is running with no errors, but no updates are being downloaded. Last month's ADR and downloads

went off without a hitch

 

Rule Engine Error

ADR - no problems

 

ADR settings

 

No patches under Preview

[Delegated Access to a Collection]

So basically, this is what I did:

1. Added a Domain security group to the Remote Tools Operator Group.
2. Went to Only the instances of objects that are assigned to the specified security scopes and collections. Removed everything from there except Default Security Scope and Add added the collection I want the group to have access too.
3. User then logs into the SCCM console, but can see everything on SCCM. He does not have access on the other collections, but can still see everything else. I want to only allow them t see the collections they have access too.

[Delegated Access to a Collection]

sorry I meant I download this version: https://www.microsoft.com/en-us/download/details.aspx?id=29265

My CM version is on build 2006.

RBA Viewer does not launch. 

[Delegated Access to a Collection]

I tried to install this version but it keeps crashing.

I am on CB 2006

[Delegated Access to a Collection]

I have setup delegated access to a few collections. Is it possible to only  view those collections when they login to CM?

[Install drivers via task sequence]

I also tested with a Apply Auto Drivers, and still failed.

 

smsts.log

[Install drivers via task sequence]

Currently on on V1906. Had about 50 laptops imaged, but the drivers where not included in the task sequence. 

I am trying to deploy the drivers to a collection that includes all the new laptops via a TS but keeping getting the errors below.

smsts.log

[LDAP Queries for user accounts and groups]

I am busy with a project were I need to restructure my current AD and decommission 2 Domain Controllers. This involves creating new OUs and moving user accounts/service accounts and groups to different OUs as well.

Is it possible to run a PS command, or any type of report to determine if any applications are using those particular DC's for LDAP queries, and also which accounts and groups are also being used? We have 100s of applications and no documentation for the setup on them. If I can get a report of which IP is talking to the DC for LDAP a query, I can use that to match my application so narrow down and get the application updated to use the new DC. I can also do the same for the accounts as well. 

[LDAP Queries on user accounts]

I am currently busy with a new AD structure. Basically moving accounts around, creating, re-naming, and deleting OUs, etc. There are tons of AD accounts that are being used for LDAP queries that have not been documented. Is there a way I can find out which AD accounts are linked or being used for queries by different applications? 

[Auto Deployment Rule download failing]

My Auto Deployment Rule keeps failing with error code 0X87D20417.

 

RULEENGINE.LOG
STATMSG: ID=8706 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_RULE_ENGINE" SYS=MDBXDXVMSC4PR.MDD.NET SITE=MDD PID=2260 TID=10292 GMTDATE=Wed Jan 01 22:22:35.253 2020 ISTR0="SMS Rule Engine" ISTR1="Failed to download one or more content files" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 SMS_RULE_ENGINE 2020/01/02 12:22:35 AM 10292 (0x2834)
Creating Software Update Group for ADR SMS_RULE_ENGINE 2020/01/02 12:22:35 AM 10292 (0x2834)
    Parsing Deployment Action XML... SMS_RULE_ENGINE 2020/01/02 12:22:35 AM 10292 (0x2834)
    Parsing Rule XML... SMS_RULE_ENGINE 2020/01/02 12:22:35 AM 10292 (0x2834)
Could not find element UpdateGroupName SMS_RULE_ENGINE 2020/01/02 12:22:35 AM 10292 (0x2834)
    SQL is: select cis.CI_ID from vCI_ConfigurationItems cis join vProvisionedCIs pci on cis.CI_ID = pci.CI_ID where cis.CI_ID in (16786503, 16786587, 16791268, 16791274, 16791276, 16791278, 16791280, 16791282, 16791284, 16791288, 16791294, 16791296, 16791298, 16791300, 16791302, 16791304, 16791306, 16791308, 16791310, 16791312, 16791314, 16791316, 16791318, 16791320, 16791322, 16791324, 16791326, 16791328, 16791330) order by cis.CI_ID SMS_RULE_ENGINE 2020/01/02 12:22:35 AM 10292 (0x2834)
      1 of 29 updates are downloaded and will be added to the Deployment. SMS_RULE_ENGINE 2020/01/02 12:22:35 AM 10292 (0x2834)
    SQL is: select CI_UniqueID from vCI_ConfigurationItems where CI_ID in (16786587) order by CI_ID SMS_RULE_ENGINE 2020/01/02 12:22:35 AM 10292 (0x2834)
    SQL is: select distinct cira.ReferencedCI_ID from v_CIRelation_All cira ~join v_AuthListInfo ugi on cira.CI_ID = ugi.CI_ID~where ugi.CI_UniqueID = 'ScopeId_B94EC0F7-2C2C-4E50-B68F-11FB622D6FB1/AuthList_dfdbf548-9942-4b92-8177-09b7c8ff5ecb'~and cira.RelationType = 1 and cira.Level = 1 order by cira.ReferencedCI_ID SMS_RULE_ENGINE 2020/01/02 12:22:35 AM 10292 (0x2834)
The rule found no new updates. Skipping update group creation or update SMS_RULE_ENGINE 2020/01/02 12:22:35 AM 10292 (0x2834)
Enforcing Create Deployment Action SMS_RULE_ENGINE 2020/01/02 12:22:35 AM 10292 (0x2834)
  Create Deployment Rule Action XML is: <DeploymentCreationActionXML xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><DeploymentId>{2fd237bf-9eea-4245-b3c4-21fe97deef0f}</DeploymentId><DeploymentNumber>0</DeploymentNumber><CollectionId>MDD000B5</CollectionId><IncludeSub>true</IncludeSub><Utc>false</Utc><Duration>14</Duration><DurationUnits>Days</DurationUnits><AvailableDeltaDuration>0</AvailableDeltaDuration><AvailableDeltaDurationUnits>Hours</AvailableDeltaDurationUnits><SoftDeadlineEnabled>false</SoftDeadlineEnabled><SuppressServers>Checked</SuppressServers><SuppressWorkstations>Unchecked</SuppressWorkstations><PersistOnWriteFilterDevices>Unchecked</PersistOnWriteFilterDevices><RequirePostRebootFullScan>Unchecked</RequirePostRebootFullScan><AllowRestart>false</AllowRestart><DisableMomAlert>false</DisableMomAlert><GenerateMomAlert>false</GenerateMomAlert><UseRemoteDP>false</UseRemoteDP><UseUnprotectedDP>true</UseUnprotectedDP><UseBranchCache>true</UseBranchCache><EnableDeployment>true</EnableDeployment><EnableWakeOnLan>false</EnableWakeOnLan><AllowDownloadOutSW>false</AllowDownloadOutSW><AllowInstallOutSW>true</AllowInstallOutSW><EnableAlert>false</EnableAlert><AlertThresholdPercentage>0</AlertThresholdPercentage><AlertDuration>2</AlertDuration><AlertDurationUnits>Weeks</AlertDurationUnits><EnableNAPEnforcement>false</EnableNAPEnforcement><UserNotificationOption>DisplayAll</UserNotificationOption><LimitStateMessageVerbosity>true</LimitStateMessageVerbosity><StateMessageVerbosity>1</StateMessageVerbosity><AllowWUMU>false</AllowWUMU><AllowUseMeteredNetwork>false</AllowUseMeteredNetwork></DeploymentCreationActionXML> SMS_RULE_ENGINE 2020/01/02 12:22:35 AM 10292 (0x2834)
  Rule XML is: <AutoDeploymentRule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <DeploymentId></DeploymentId> <DeploymentName>Windows Updates | Servers</DeploymentName> <UpdateGroupId>ScopeId_B94EC0F7-2C2C-4E50-B68F-11FB622D6FB1/AuthList_dfdbf548-9942-4b92-8177-09b7c8ff5ecb</UpdateGroupId> <UpdateGroupName></UpdateGroupName> <LocaleId>1033</LocaleId> <UseSameDeployment>false</UseSameDeployment> <AlignWithSyncSchedule>false</AlignWithSyncSchedule> <NoEULAUpdates>false</NoEULAUpdates> <EnableAfterCreate>true</EnableAfterCreate> <ScopeIDs><ScopeID>SMS00UNA</ScopeID> </ScopeIDs> <EnableFailureAlert>true</EnableFailureAlert> <IsServicingPlan>false</IsServicingPlan> <IsOldUpdateGroupCurrent>true</IsOldUpdateGroupCurrent> </AutoDeploymentRule> SMS_RULE_ENGINE 2020/01/02 12:22:35 AM 10292 (0x2834)
  Criteria Filter Result XML is: <AutoDeploymentRule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <DeploymentId></DeploymentId> <DeploymentName>Windows Updates | Servers</DeploymentName> <UpdateGroupId>ScopeId_B94EC0F7-2C2C-4E50-B68F-11FB622D6FB1/AuthList_dfdbf548-9942-4b92-8177-09b7c8ff5ecb</UpdateGroupId> <UpdateGroupName></UpdateGroupName> <LocaleId>1033</LocaleId> <UseSameDeployment>false</UseSameDeployment> <AlignWithSyncSchedule>false</AlignWithSyncSchedule> <NoEULAUpdates>false</NoEULAUpdates> <EnableAfterCreate>true</EnableAfterCreate> <ScopeIDs><ScopeID>SMS00UNA</ScopeID> </ScopeIDs> <EnableFailureAlert>true</EnableFailureAlert> <IsServicingPlan>false</IsServicingPlan> <IsOldUpdateGroupCurrent>true</IsOldUpdateGroupCurrent> </AutoDeploymentRule> SMS_RULE_ENGINE 2020/01/02 12:22:35 AM 10292 (0x2834)
    Parsing Deployment Action XML... SMS_RULE_ENGINE 2020/01/02 12:22:35 AM 10292 (0x2834)
    Parsing Rule XML... SMS_RULE_ENGINE 2020/01/02 12:22:35 AM 10292 (0x2834)
    SQL is: select cis.CI_ID from vCI_ConfigurationItems cis join vProvisionedCIs pci on cis.CI_ID = pci.CI_ID where cis.CI_ID in (16786503, 16786587, 16791268, 16791274, 16791276, 16791278, 16791280, 16791282, 16791284, 16791288, 16791294, 16791296, 16791298, 16791300, 16791302, 16791304, 16791306, 16791308, 16791310, 16791312, 16791314, 16791316, 16791318, 16791320, 16791322, 16791324, 16791326, 16791328, 16791330) order by cis.CI_ID SMS_RULE_ENGINE 2020/01/02 12:22:35 AM 10292 (0x2834)
      1 of 29 updates are downloaded and will be added to the Deployment. SMS_RULE_ENGINE 2020/01/02 12:22:35 AM 10292 (0x2834)
    SQL is: select CI_UniqueID from vCI_ConfigurationItems where CI_ID in (16786587) order by CI_ID SMS_RULE_ENGINE 2020/01/02 12:22:35 AM 10292 (0x2834)
The rule found no new updates. Skipping deployment creation or update SMS_RULE_ENGINE 2020/01/02 12:22:35 AM 10292 (0x2834)
CRuleHandler: Enforcing Actions for Rule 4 failed! SMS_RULE_ENGINE 2020/01/02 12:22:35 AM 10292 (0x2834)
CRuleHandler: ResetRulesAndCleanUp() SMS_RULE_ENGINE 2020/01/02 12:22:35 AM 10292 (0x2834)
Rule result is: 0 SMS_RULE_ENGINE 2020/01/02 12:22:35 AM 10292 (0x2834)
CRuleHandler::CreateFailureAlert - Alert ID = 16777234 SMS_RULE_ENGINE 2020/01/02 12:22:35 AM 10292 (0x2834)
Updated Failure Information for Rule: 4 SMS_RULE_ENGINE 2020/01/02 12:22:35 AM 10292 (0x2834)
CRuleHandler: Deleting Rule 4 SMS_RULE_ENGINE 2020/01/02 12:22:35 AM 10292 (0x2834)
Found notification file D:\Program Files\Microsoft Configuration Manager\inboxes\RuleEngine.box\4.RUL SMS_RULE_ENGINE 2020/01/02 12:22:40 AM 10292 (0x2834)

PATCHDOWNLOADER.LOG
Contentsource = http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/12/windows6.0-kb4530719-x86_14639e5636336bd9a2d2c5053299e8079cbc8c31.cab . Software Updates Patch Downloader 2020/01/02 12:31:21 AM 10292 (0x2834)
Query to run: select f.FileName, ct.ContentSource from SMS_CIToContent c join SMS_CIContentFiles f on c.ContentID = f.ContentID join SMS_Content ct on c.ContentID = ct.ContentID where c.ContentDownloaded = 1 and f.FileHash = 'SHA1:14639E5636336BD9A2D2C5053299E8079CBC8C31' Software Updates Patch Downloader 2020/01/02 12:31:22 AM 10292 (0x2834)
Downloading content for ContentID = 16787234,  FileName = Windows6.0-KB4530719-x86.cab. Software Updates Patch Downloader 2020/01/02 12:31:22 AM 10292 (0x2834)
Connecting - Adding file range by calling HttpAddRequestHeaders, range string = "Range: bytes=0-" Software Updates Patch Downloader 2020/01/02 12:31:22 AM 10376 (0x2888)
HttpSendRequest failed HTTP_STATUS_PROXY_AUTH_REQ Software Updates Patch Downloader 2020/01/02 12:31:22 AM 10376 (0x2888)
Download http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/12/windows6.0-kb4530719-x86_14639e5636336bd9a2d2c5053299e8079cbc8c31.cab to C:\Windows\TEMP\CAB5084.tmp returns 407 Software Updates Patch Downloader 2020/01/02 12:31:22 AM 10376 (0x2888)
ERROR: DownloadContentFiles() failed with hr=0x80070197 Software Updates Patch Downloader 2020/01/02 12:31:22 AM 10292 (0x2834)

 

[Issue with Upgrade Task Sequence Reporting]

2 hours ago, madhusunke said:

have you tried running hardware inventory and check ?

I have and it made no difference - on my other deployment which was more than 7 days ago, those machines show the same

[Issue with Upgrade Task Sequence Reporting]

I have a strange problem with reporting. I have created my upgrade TS to upgrade to from Windows 7 to Windows 10. The TS runs successfully and the machine does upgrade with no issues. My problem is that SCCM is stills reporting that the machines are still on Windows 7. Any suggestions on how to resolve this issue. I have even tried to create a new TS, but that made no difference.

[Minimum Requires for Intune and Bitlocker]

Alternatively, does anybody have a link that has the minimum requirements for BitLocker Management via Intune - trying to Google, but nothing easily found

[Minimum Requires for Intune and Bitlocker]

Can on Prem AD joined machines be used for Intune Bitlocker deployment, or do all machines have to be Azure joined?

Would all users require E3 or higher for Bitlocker deployment?

[Updates not downloading or installing on clients]

I have an issue with my CB setup. I have a single MP and 4 different sites. I have 4 boundary groups with a single DP in each group. MY MP also has the DP role as there are servers in the same site as my MP that require updates downloaded to them - those are working fine. The other servers only have the DP roles setup. 

My issue is that updates are being deployed to my remote sites. They only download and install if I add my MP into my boundary group however that is defeating the purpose as clients then access updates over the WAN. Once I remove it, I dont get the deployments. Content has been deployed to all DP's

Logs from one of clients at the remote site

Data transfer Log:

DTS job {D058F6ED-9563-4060-949A-8BBDB033B719} has completed:
    Status : SUCCESS,
    Start time : 08/22/2019 18:01:57,
    Completion time : 08/22/2019 18:02:24,
    Elapsed time : 27 seconds    DataTransferService    22 Aug 2019 18:02:24    4628 (0x1214)
UpdateURLWithTransportSettings(): OLD URL - MP SERVER NAME/SMS_MP    DataTransferService    22 Aug 2019 21:28:56    2136 (0x0858)
UpdateURLWithTransportSettings(): NEW URL - MP SERVER NAME:80/SMS_MP    DataTransferService    22 Aug 2019 21:28:56    2136 (0x0858)
Added (source=.sms_pol?{fa212c1c-7a97-4736-a3be-1d1cdaed1c1c}.427_00,dest={9EF35546-5A6D-46FD-9BCF-8A0D4C9194D7}.tmp) pair from manifest.    DataTransferService    22 Aug 2019 21:28:56    2136 (0x0858)
DTSJob {020B3E9F-D5B4-470C-94C6-F1909A3B2DF8} created to download from 'MP SERVER NAME:80/SMS_MP' to 'C:\Windows\CCM\Temp'.    DataTransferService    22 Aug 2019 21:28:56    2136 (0x0858)
DTSJob {020B3E9F-D5B4-470C-94C6-F1909A3B2DF8} in state 'PendingDownload'.    DataTransferService    22 Aug 2019 21:28:56    4996 (0x1384)

 

WUHandler

Its a WSUS Update Source type ({4AC8EAF8-6E98-44AE-A63D-934500C6A750}), adding it.    WUAHandler    23 Apr 2019 11:09:57    5956 (0x1744)
Device is not MDM enrolled yet. All workloads are managed by SCCM.    WUAHandler    23 Apr 2019 11:09:57    3724 (0x0E8C)
SourceManager::GetIsWUfBEnabled - There is no Windows Update for Business settings assignment. Windows Update for Business is not enabled through ConfigMgr    WUAHandler    23 Apr 2019 11:09:57    3724 (0x0E8C)
Existing WUA Managed server was already set (MP SERVER NAME:8530), skipping Group Policy registration.    WUAHandler    23 Apr 2019 11:09:57    5956 (0x1744)
Added Update Source ({4AC8EAF8-6E98-44AE-A63D-934500C6A750}) of content type: 2    WUAHandler    23 Apr 2019 11:09:57    5956 (0x1744)

Location Services

WSUS Path='MP SERVER NAME:8530', Server='MP SERVER NAME', Version='425', LocalityEx='SITE', SUPFallbackIn='360'    LocationServices    23 Aug 2019 08:14:12    3240 (0x0CA8)
Calling back with locations for WSUS request {34920EF8-27DD-4D2B-8902-E83C0253F321}    LocationServices    23 Aug 2019 08:14:12    3240 (0x0CA8)
Current AD site of machine is DBN    LocationServices    23 Aug 2019 08:18:20    2956 (0x0B8C)
Created and Sent Location Request '{C63AD811-555D-456A-B590-F4FF5B56354C}' for package {4AC8EAF8-6E98-44AE-A63D-934500C6A750}    LocationServices    23 Aug 2019 08:18:21    2956 (0x0B8C)
Calling back with the following WSUS locations    LocationServices    23 Aug 2019 08:18:21    2352 (0x0930)
WSUS Path='MP SERVER NAME:8530', Server='MP SERVER NAME', Version='425', LocalityEx='SITE', SUPFallbackIn='360'    LocationServices    23 Aug 2019 08:18:21    2352 (0x0930)
Calling back with locations for WSUS request {C63AD811-555D-456A-B590-F4FF5B56354C}    LocationServices    23 Aug 2019 08:18:22    2352 (0x0930)

 

[Cant Install O365]

are you guys able to deploy Office 365 within your task sequence when deploying a new machine. My standard deployment to a machine works, however new deployments are not. TS keeps failing on the Office install part

[Free Disk Space Report]

I have setup my Free disk report, however it only allows me to select the default groups of servers. Is there a way I can setup the report for any of my custom groups?