Flipping the switch, part 4: Moving Device Configuration workload to Intune MDM (Co-management with SCCM 1806)

Introduction

Again, continuing the Co-management and flipping the switch journey, and moving the brand new Device Configuration workload to Intune MDM. This is the latest addition to the co-management world introduced in Configuration Manager 1806 (released 2 days ago at time of writing) and it’s absolutely amazing.

This means we finally (almost) can ditch group policies altogether and do our device configurations with Intune MDM. I will give you how to and an excellent example in this post. Read on. 🙂

The highlighted configurations now also work on co-managed computers

Read more…

How can I in-place upgrade to Windows 10 1803 using Powershell App Deployment Toolkit and SCCM (System Center Configuration Manager) 2nd edition

Introduction

Back in May i did a post on how to leverage Powershell App Deployment Toolkit and Configuration Manager to in-place upgrade to Windows 10 1803. Find the post in the link below:

Today I’m providing you with an update on the topic and giving you an updated version of the content. Note that the basic instructions for using all of this, is still found in my original post above.

Read more…

Back to basics: How can I add computers to Active Directory Groups during OSD with SCCM (System Center Configuration Manager)

Introduction

Following up on my promise and continuing this mini-series of blog post, where I’m trying to address some of the basics of Configuration Manager. This time, I’m going to give you an example of how you can to add computers to groups in AD (Active Directory) during the deployment of Windows using a web service and Powershell.

Sneak peek at the available operations in the web service

Read more…

How to enable OneDrive Known Folder Move using SCCM (System Center Configuration Manager)

Introduction

Last week the OneDrive team presented a new feature called ‘Known Folder Move’. In short, it enables us to move the content and location of the Desktop, Documents and Picture folders into OneDrive. This comes really handy when switching computers and you find your desktop, documents and picture folder exactly as you left them on the previous computer.

More about the feature right here: https://techcommunity.microsoft.com/t5/Microsoft-OneDrive-Blog/Migrate-Your-Files-to-OneDrive-Easily-with-Known-Folder-Move/ba-p/207076

Above post also covers how to enable the feature manually or by using group golicies. As usual, we don’t like to do stuff manually and we don’t like old school group policies either. So, how about enabling this feature using Configuration Manager?

Read more…

SCCM Client Health Monitor: Automatically remediate Provisioning Mode and corrupt local Group Policy files

Introduction

A ConfigMgr/SCCM client stuck in provisioning mode or having corrupt local group policy files (Registry.pol) are two very common and nagging issues in a Configuration Manager environment.  Where it’s rather easy to use Configuration Manager to remediate the corrupt policy files, it’s another story with a SCCM client stuck in provisioning mode (the client has very limited functionality). I haven’t personally been seeing clients in provisioning mode that often, but I do occasionally see it happen following an Windows in-place upgrade .

Both scenarios will cause a drop in compliance in regards to Software Updates and general software deployments, and unless being very thorough when walking through compliance reports, clients being affected by either issues can be difficult to spot, especially in larger environments.

So I hereby give you my solution to how you can automatically remediate both issues outside of Configuration Manager using Powershell and thus increase the compliance and overall health of your environment.

Powershell snippet from running the SCCM ClientHealthMonitor script

Read more…

Back to basics: How can I fully automate the patching of Windows 10 using SCCM (System Center Configuration Manager)

Introduction

I have been spending some time on the Configuration Manager forums on Technet lately, and questions about Software Updates (among others) frequently pops up. So I thought of creating a series of blog post explaining some of the basics of Configuration Manager or explaining some of the topics I often see being repeated as questions on the forums.

This will be the very first in such series, where I will give an example on how you can use SCCM to fully automate the patching of Windows 10. All of these examples will be based on the latest version of Configuration Manager Current Branch.

Peak at the Automatic Deployment Rule we will be creating and configuring in this example

Read more…

Switch default browser the enterprise way using the Software Center in SCCM (System Center Configuration Manager) and Powershell

Introduction

In this post I will talk about Windows 10, file associations and how you can let the user in an enterprise switch default browser through the Software Center in SCCM (System Center Configuration Manager). All of this is done in an environment where file associations are tightly managed and locked through group policies (as they should be in an enterprise) on computers running Windows 10. Curious on the topic? Read on 🙂

Read more…

Enable password reset on the login screen of a Hybrid Azure AD joined Windows 10 1803 device

Introduction

More Windows 10 1803! Password reset directly from the login screen of Windows 10 has been possible since Windows 10 1709, but only in a cloud-only scenario. This changed with 1803, and users having a hybrid Azure AD environment, are now able to offer this service to their users as well. (assuming they roll on the latest and greatest Windows 10 version). This guide explains what’s required in a Hybrid environment and how to leverage Configuration Manager to apply the proper configuration on the client.

For this to work, there are a few prerequisites:

  • Windows 10 1803 or newer
  • Password writeback enabled in Azure AD Connect
    • Proper permissions in on-premise AD for the AAD Connect account
  • Password reset enabled in Azure AD
  • Enable password reset on the 1803 clients (in this scenario through ConfigMgr)

Read more…

How can I deploy RSAT (Remote Server Administration Tools) for Windows 10 1803 using SCCM (System Center Configuration Manager)

Introduction

Continuing on the Windows 10 1803 journey from last week. RSAT (Remote Server Administration Tools) is available as well. This is a quick guide on how you can deploy RSAT for Windows 10 1803 using an application in the Software Center of Configuration Manager. RSAT is available for download following this link: https://www.microsoft.com/en-us/download/details.aspx?id=45520

The files available for download includes following. Select the one appropriate for your running OS.

  • WindowsTH-RSAT_WS_1803-x64.msu
  • WindowsTH-RSAT_WS_1803-x86.msu
  • WindowsTH-RSAT_WS2016-x64.msu
  • WindowsTH-RSAT_WS2016-x86.msu

Read more…

How can I in-place upgrade to Windows 10 1803 using Powershell App Deployment Toolkit and SCCM (System Center Configuration Manager)

Introduction

Update July 26, 2018: I have made an update to below content. Please find the new post on the link below. Note that the content in this post is still relevant.

Windows 10 1803 is out (old news I know). Nevertheless, its always a good idea to be ahead and start thinking and planning the upgrade of your environment. Configuration Manager offers a lot of flexibility in terms of servicing plans and the use of task sequences.

Task sequences is the preferred method in our environment, and I thought I’d share how you can deploy the Windows 10 1803 upgrade through the Powershell App Deployment Toolkit, some custom Powershell script and an application in the Configuration Manager Software Center. Curious? Read on. 🙂

Read more…