Remove desktop shortcuts for the current user and public profile using PowerShell and Proactive Remediations

by

Introduction

I think most IT-professionals who’s working with software delivery in some sort, has dealt with software and software installers in general, that puts a shortcut on the desktop by default. Annoying indeed.

Typically you’re in for a treat, when trying to figure out how to customize the installer, to prevent the shortcut on the desktop from being created. It’s not rare either, that the installer simply doesn’t support that.

And finally, we are all aware of the desktop-shortcut-mess, when using OneDrive PC folder backup (formerly known as ‘Known Folder Move’), where shortcuts are duplicated and synced between devices. Yikes.

Long story short, I was tired of spending time on desktop shortcuts, so I figured it was time to create my own solution to the problem.

Read more…

Using Filters with Conditional Access: Protect your privileged users with an additional layer of security

by

Introduction

So, I’m quite far behind in my blogging schedule, and I’m merely picking up on a feature which released in preview back some time in May. Luckily, this doesn’t impact the importance of the topic, and therefore I’m still putting it out there.

A neat example of putting Filters to use with Conditional Access, is by protecting your privileged users, like your Global Administrators, with an additional layer, only allowing access to resources if coming from specific devices.

Curious? This post will walk you through how to achieve just that. 🙂

Read more…

Install the new Remote Desktop Connection Manager (RDCMan) with ConfigMgr and PowerShell

by

Introduction

Another kickstarting blog post, getting into the swing of things again after a somewhat lacking period.

Now, RDCman has been revived and arrived last week in a new version 2.8.

For fun and giggles, I did a short PowerShell script which uninstalls the old version (2.7, registered with windows installer) and downloads the new version 2.8 directly from live.sysinternals.com.

This is a little something on the script itself and how to put that to use with ConfigMgr.

Read more…

Connect to your Configuration Manager environment with PowerShell ISE addons

by

Introduction

A quick post, serving as a kickstarter for my blogging activities, here (almost) post the covid-19 situation.

Today’s topic is probably not something new for a lot of the amazing IT-pros, who’s already familiar with PowerShell ISE and the Configuration Manager PowerShell module.

Nonetheless, I figured this would be a great way to kickstart my blogging activities, while someone else hopefully will learn something new along the way.

Read more…

Windows 10 Toast Notification Script Update: Improved re-run behavior with ConfigMgr and allow running in SYSTEM context

by

Introduction

A new version of the Windows 10 Toast Notification Script is here. The script is now being on version 2.2.0.

This version brings the option to run the script and thus display toast notifications coming from SYSTEM context.

A requirement has been so far, that the script is being run with the logged on user’s credentials. This is still recommended, but for scenarios where this is not possible, like running this with a task sequence (task sequences always run as local system), this new ability will give you the option to display toast notification for the logged on user, even if coming from local system context.

The work done here, with running the script under SYSTEM, is entirely done by Andrew. Thank you!

Also, with a built-in prevention of having multiple toast notifications being displayed in a row, the script is now also better at handling the re-run behavior in ConfigMgr. Having multiple toast notification displayed in a row, is something that can happen, if a device misses a deployment schedule. The nature of ConfigMgr is to catch up on the missed schedule, and this can lead to multiple toast notifications being displayed.

Read more…

Configure Microsoft Teams application settings using PowerShell and Proactive Remediations in Microsoft Endpoint Manager

by

Introduction

Almost a year ago, I wrote a blog post on how to configure Microsoft Teams application settings using Configuration Manager and Powershell. For good measures, find this post in the link below:

Not too long ago, I started getting some reports on, that Teams is no longer picking up the changes made to the config.json and that Teams is hanging at the loading screen. I initially tried to reproduce, but was unable to.

I decided to invest some more time into the issue, and ended up being able to reproduce and find the cause. In the process of troubleshooting, I decided to try and move this into Proactive Remediations in Microsoft Endpoint Manager as well. The result made up this blog post.

Below a quick illustration of running the solution manually. The detection script detects that Microsoft Teams needs its settings configured, and the configure script carries out the configuration.

Read more…

Configuring Microsoft Edge and ‘Always allow to open links of this type in the associated app’ using Microsoft Endpoint Manager

by

Introduction

This is just a really quick post, describing how you configure Microsoft Edge to always – and without prompting the user – open certain links in their associated application.

This might seem like an odd and out of the ordinary post, but I needed this myself, and failed to find the relevant details described properly anywhere.

The mentioned prompt is something that’s generated when opening links to Teams meetings, or when trying to open Office documents in their respective desktop application.

Prompts which in most cases are irrelevant to the end-users, and by eliminating those, the user-experience is improved by a little. TL:DR down below.

Read more…

Notify users when their device is running low on disk space using Toast Notifications and Endpoint Analytics Proactive Remediations

by

Introduction

This is a follow up, on the post I did a few weeks ago, on notifying users with devices being low on disk space, using Toast Notifications and Configuration Manager

This time, I’m moving all of it, into the Endpoint Analytics Proactive Remediations feature of Microsoft Endpoint Manager Intune. This will actually simplify things a lot, as it removes the need for custom collections, Configuration Items and Baselines.

Read more…

Move away from Group Policy and set wallpaper and lock screen images with local source files and Microsoft Endpoint Manager Intune

by

Introduction

This is something I currently just have done myself, in our own environment, and while it’s neither super technical nor advanced, then I figured it deserved some attention regardless.

I assume most hybrid (co-managed) environments still look towards Group Policy when doing this, because it’s easy and what we’ve always been doing. I’m regularly asked to change our desktop wallpaper and lock screen images, and when things needs to be done in a hurry, you usually stick to the easy solution.

This time though, I was stubborn and insisted on moving away from Group Policy and do it with Intune. The process made up this short blog post. 🙂

Read more…

Notify users when their device is running low on disk space using Toast Notifications and Configuration Manager

by

Introduction

This is a specific need, that I just started having myself with my Windows Servicing process. I wanted to notify my users, if their devices are running low on disk space, prior to catching it with the precaching/readiness portion of my Windows as a Service process.

This is then done, with the hope of the users taking the required actions, before I spot the low disk space issues when precaching the Windows 10 upgrade, as this essentially will cause a failure.

So this post will give you the details on how to do that, using my Toast Notification Script and Configuration Manager. This can be achieved with Microsoft Intune as well, using the Proactive Remediations feature. My next blog post will cover that approach. 🙂

Read more…