Notify users when their device is running low on disk space using Toast Notifications and Configuration Manager

by

Introduction

This is a specific need, that I just started having myself with my Windows Servicing process. I wanted to notify my users, if their devices are running low on disk space, prior to catching it with the precaching/readiness portion of my Windows as a Service process.

This is then done, with the hope of the users taking the required actions, before I spot the low disk space issues when precaching the Windows 10 upgrade, as this essentially will cause a failure.

So this post will give you the details on how to do that, using my Toast Notification Script and Configuration Manager. This can be achieved with Microsoft Intune as well, using the Proactive Remediations feature. My next blog post will cover that approach. 🙂

Read more…

Windows as a Service: Sharing my PreCache and In-Place Upgrade Task Sequences – 20H2 edition, part 2

by

Introduction

Yes! It’s true. I’m still leveraging Task Sequences and Configuration Manager to upgrade Windows 10.

I’m also Co-managing my devices and deploy regular updates via Windows Update for Business. Just not feature updates. I fancy the full-control approach, taking the opportunity to update BIOS and drivers while at it. Everything works directly over the Internet via the Cloud Management Gateway. No hard requirements in being on-premises or on VPN.

I have previously shared my precache and in-place upgrade task sequences. A lot have happened since then, and I wanted to take the opportunity to share my updated approach in details.

I’m covering each and every step, just like I did in my previous blog posts. Some steps are exactly the same, but in order to fully supersede the old posts, I’m covering everything in details here.

Now, I can’t go over explaining my WaaS process without mentioning THE OSD experts Gary Blok, Mike Terrill. They are tirelessly sharing their approach as well. If you are looking for a WaaS solution on steroids, I suggest you head over to garytown.com and miketerrill.net for inspiration.

If you are looking for something less advanced, then you are at the right place. With that being said, some of the stuff I do, is done with inspiration from what Gary is sharing at garytown.com – just without the steroids. 😛

And yes! The task sequence will be available for download in the very end of the post!

Let’s get to it. 🙂

Part 1: Windows as a Service: Sharing my PreCache and In-Place Upgrade Task Sequences – 20H2 edition, part 1

Read more…

Setting up Microsoft Tunnel Gateway with Microsoft Endpoint Manager and Linux VM(s) in Azure

by

Introduction

I typically blog about topics, that I’m currently addressing in my own daily work, and this time is no different.

Covid-19 surely has a saying on this particular topic as well, and empowering our users to do more, working securely from home and remote, is key.

In that regard, we needed a simple VPN solution for our iOS devices, and while making my way through the setup and configuration of Microsoft Tunnel Gateway, I decided it was worth blogging as well.

This post will walk you through everything you need know, in order to successfully setup Microsoft Tunnel Gateway as a proof of concept.

This includes:

  • Creating the VM(s) in Azure
  • Assigning static public IP
  • Hardening of the inbound traffic
  • Configuring public DNS record
  • SSH’ing to the Linux server
  • Installing Docker on Linux
  • Setting up configuration in Microsoft Endpoint Manager
  • Installing Microsoft Tunnel on Linux
    • Copying down TLS certificate to Linux
  • Deploying VPN profile in Microsoft Endpoint Manager
  • Verifying connection to VPN on iOS is successful

Read more…

Windows as a Service: Sharing my PreCache and In-Place Upgrade Task Sequences – 20H2 edition, part 1

by

Introduction

Yes! It’s true. I’m still leveraging Task Sequences and Configuration Manager to upgrade Windows 10.

I’m also Co-managing my devices and deploy regular updates via Windows Update for Business. Just not feature updates. I fancy the full-control approach, taking the opportunity to update BIOS and drivers while at it. Everything works directly over the Internet via the Cloud Management Gateway. No hard requirements in being on-premises or on VPN.

I have previously shared my precache and in-place upgrade task sequences. A lot have happened since then, and I wanted to take the opportunity to share my updated approach in details.

I’m covering each and every step, just like I did in my previous blog posts. Some steps are exactly the same, but in order to fully supersede the old posts, I’m covering everything in details here.

Now, I can’t go over explaining my WaaS process without mentioning THE OSD experts Gary Blok, Mike Terrill. They are tirelessly sharing their approach as well. If you are looking for a WaaS solution on steroids, I suggest you head over to garytown.com and miketerrill.net for inspiration.

If you are looking for something less advanced, then you are at the right place. With that being said, some of the stuff I do, is done with inspiration from what Gary is sharing at garytown.com – just without the steroids. 😛

And yes! The task sequence will be available for download in the very end of the post!

Let’s get to it. 🙂

Part 2: Windows as a Service: Sharing my PreCache and In-Place Upgrade Task Sequences – 20H2 edition, part 2

Read more…

Windows 10 Toast Notification Script Update: Second action button and built-in prevention from disabling toast notifications

by

Introduction

A new version of the Windows 10 Toast Notification Script is here. The script is now being on version 2.1.0.

This version brings the option to add a second action button to the toast notification (displayed in the illustration below), as well as a built-in functionality to prevent users from disabling toast notifications in Windows 10 altogether.

A second action button is useful in many scenarios. One being with a Windows 10 upgrade, where you, besides the actual upgrade, also have some additional information for the user. In this example, Install Now will launch the actual upgrade, while Learn More will open a specific web page in the browser.

Prevention from disabling toast notifications is stolen with pride from Trevor Jones, and is incorporated into my script. More details down below. 🙂

Read more…

Deploy RSAT (Remote Server Administration Tools) for Windows 10 v20H2 using ConfigMgr and PowerShell

by

Introduction

This is becoming quite the tradition, and based on the count of views of my previous posts, a popular one indeed. 🙂

I’m a man of traditions, so I’m sticking true to that, and therefore updated my PowerShell script which will enable you to install RSAT for Windows 10 v20H2 automatically and unattended.

The script received some minor changes, and is now also capable of temporarily disabling WSUS, and re-enabling it again post installation.

Over the years and since I created the first script, I have received a lot of comments saying, that if a device is configured to use WSUS, installation of Features on Demand may fail if certain configuration is not in place. So this is another attempt to have the most success with the use of my script.

Read more…

Precache and update drivers as WIM during In-Place Upgrade Task Sequences with Configuration Manager

by

Introduction

Not too long ago, I did a post on how to apply drivers compressed with WIM during OSD with Configuration Manager.

Continuing on the same topic and story about ‘Drivers as WIM’, I wanted to explore the option for using WIM when precaching and updating drivers during an In-Place Upgrade of Windows 10. The results made up this new blog post. 🙂

Read more…

Patch your Windows 10 media (used with In-Place Upgrades in ConfigMgr) with a new Setup Dynamic Update Package

by

Introduction

Patch Tuesday for October 2020 brought the usual updates, but also blessed us with a security update, that addresses a vulnerability found in the setup of Windows 10.

The article tells us to download the latest refreshed media from VLSC or MSDN, or download the latest applicable Setup Dynamic Update (DU) package and patch the media ourselves.

Now, as of writing, the official downloads has not been refreshed yet, so I wanted to get rid of the vulnerability and patch my existing media manually. The process I went through, made this post.

Update 28 October: Official and affected Windows 10 downloads are still not refreshed.

Read more…

Comparing Security Baselines in Endpoint Manager using Powershell and Microsoft Graph API

by

Introduction

I just very recently discovered, that a new version of the Security Baseline for Windows 10 was made available in Microsoft Endpoint Manager Intune.

It’s been a while since the last version, more than a year in fact, so it was a pleasant surprise seeing an update on this area.

Security Baselines, and those for Windows 10 in particular, consist of a lot settings. So I wondered what’s changed and started browsing and comparing the various settings via the admin portal.

Then I realized how that’s not very optimal, and began looking for alternatives. I eventually got myself into trying something new, and went on to compare the Security Baselines Profiles using Powershell and the Microsoft Graph. The result of that journey is this post. 🙂

Read more…

Windows 10 Toast Notification Script Update (Poolside Release): Dynamic Application deadline and custom action scripts updates

by

Introduction

This is just a minor release, with me making some few adjustments and further polishing of the script while being on vacation (hence the poolside reference). 😀

  • I’ve added the option to retrieve deployment deadline of applications dynamically, as well as reworked some of the custom scripts area.
  • Everything related to the script, is now located within the user’s profile in AppData\Roaming\ToastNotificationScript.
  • Custom scripts are moving away from ProgramData into AppData\Roaming\ToastNotificationScript\Scripts.

The script is now on version 2.0.2. Find all the details down below.

Read more…