How to patch Third-Party applications using SCCM (System Center Configuration Manager) 1806 and Patch My PC

Introduction

Patching 3rd party applications can be a trivial and time consuming task, especially if doing everything yourself in terms of downloading the application, customizing for the enterprise, creating applications/packages in SCCM and.. the list can probably go on.

Does above sound familiar? Patch My PC made this task super easy and combined with the latest additions to SCCM 1806, the complexity in setting this up has been reduced to almost zero. Curious? Continue reading and be amazed 🙂

Sneek peak at the SCCM console when using Patch My PC catalog natively

Read more…

Back to basics: How can I move computers to a new OU in Active Directory during an in-place upgrade using SCCM (System Center Configuration Manager)

Introduction

Continuing the back to basics blog series, and this time addressing how you can move the computer object in AD (Active Directory) from one OU (Organization Unit) to another during an in-place upgrade of Windows. A good guess is, that this will be relevant for a lot people working with WaaS (Windows as a Service), where putting the computers into a new and fresh OU, with some new and fresh Group Policies might be needed.

This is all done using a web service and powershell. Curious? Continue reading 🙂

Read more…

Block access to company resources if running an out-of-date iOS version using Microsoft Intune and Conditional Access

Introduction

Do you need a simple, but yet effective way of forcing people into updating iOS on their company enrolled Apple devices? Simply block access to company resources if iOS is not up to date. Here is how you can do that using Microsoft Intune and Conditional Access in Microsoft Azure.

Peek into Microsoft Intune and the device compliance policies

Read more…

Enable UE-V (User Experience Virtualization) during OSD with SCCM and use OneDrive as storage path

Introduction

UE-V is not something new, but when combined with OneDrive Known Folder Move, Enterprise State Roaming in Azure and OneDrive as the storage path for UE-V, you will find yourself with a very solid solution ensuring roaming of end users data and settings.

I have previously shown you how you can enable OneDrive KFM with SCCM. This time, I’m going to show you how you can enable UE-V during OSD with Configuration Manager, and how you make sure those settings are stored in OneDrive. I hope you can see the pattern here: No on-premise file share for UE-V settings – everything stored in the users OneDrive.

A peek at the UE-V configuration when OneDrive is set as storage path

Read more…

Setting up Cloud Management Gateway (CMG) in SCCM 1806 (HTTP mode without trusted root certificates)

Introduction

More Configuration Manager 1806 and more awesomeness. 1806 gives us additional improvements to the Cloud Management Gateway and removes the need for PKI in your environment. With these improvements, it has never been easier to setup the CMG. In this post I will walk you through the exact steps I went through in order to successfully deploy the CMG in a HTTP only environment.

Read more…

Flipping the switch, part 4: Moving Device Configuration workload to Intune MDM (Co-management with SCCM 1806)

Introduction

Again, continuing the Co-management and flipping the switch journey, and moving the brand new Device Configuration workload to Intune MDM. This is the latest addition to the co-management world introduced in Configuration Manager 1806 (released 2 days ago at time of writing) and it’s absolutely amazing.

This means we finally (almost) can ditch group policies altogether and do our device configurations with Intune MDM. I will give you how to and an excellent example in this post. Read on. 🙂

The highlighted configurations now also work on co-managed computers

Read more…

How can I in-place upgrade to Windows 10 1803 using Powershell App Deployment Toolkit and SCCM (System Center Configuration Manager) 2nd edition

Introduction

Back in May i did a post on how to leverage Powershell App Deployment Toolkit and Configuration Manager to in-place upgrade to Windows 10 1803. Find the post in the link below:

Today I’m providing you with an update on the topic and giving you an updated version of the content. Note that the basic instructions for using all of this, is still found in my original post above.

Read more…

Back to basics: How can I add computers to Active Directory Groups during OSD with SCCM (System Center Configuration Manager)

Introduction

Following up on my promise and continuing this mini-series of blog post, where I’m trying to address some of the basics of Configuration Manager. This time, I’m going to give you an example of how you can to add computers to groups in AD (Active Directory) during the deployment of Windows using a web service and Powershell.

Sneak peek at the available operations in the web service

Read more…

How to enable OneDrive Known Folder Move using SCCM (System Center Configuration Manager)

Introduction

Last week the OneDrive team presented a new feature called ‘Known Folder Move’. In short, it enables us to move the content and location of the Desktop, Documents and Picture folders into OneDrive. This comes really handy when switching computers and you find your desktop, documents and picture folder exactly as you left them on the previous computer.

More about the feature right here: https://techcommunity.microsoft.com/t5/Microsoft-OneDrive-Blog/Migrate-Your-Files-to-OneDrive-Easily-with-Known-Folder-Move/ba-p/207076

Above post also covers how to enable the feature manually or by using group golicies. As usual, we don’t like to do stuff manually and we don’t like old school group policies either. So, how about enabling this feature using Configuration Manager?

Read more…

SCCM Client Health Monitor: Automatically remediate Provisioning Mode and corrupt local Group Policy files

Introduction

A ConfigMgr/SCCM client stuck in provisioning mode or having corrupt local group policy files (Registry.pol) are two very common and nagging issues in a Configuration Manager environment.  Where it’s rather easy to use Configuration Manager to remediate the corrupt policy files, it’s another story with a SCCM client stuck in provisioning mode (the client has very limited functionality). I haven’t personally been seeing clients in provisioning mode that often, but I do occasionally see it happen following an Windows in-place upgrade .

Both scenarios will cause a drop in compliance in regards to Software Updates and general software deployments, and unless being very thorough when walking through compliance reports, clients being affected by either issues can be difficult to spot, especially in larger environments.

So I hereby give you my solution to how you can automatically remediate both issues outside of Configuration Manager using Powershell and thus increase the compliance and overall health of your environment.

Powershell snippet from running the SCCM ClientHealthMonitor script

Read more…