Everything posted by anyweb
-
what type of headphones are they and are you using bluetooth or wired to use them ?
-
hi Mike

used space only in a task sequence occurs when you have enabled the Pre-Provision BitLocker step and have not configured it (or the enable bitlocker step) to use Full disk encryption

I blogged about that in the following posts, please take a look:

How can we utilize the Bitlocker Management feature during OSD with Endpoint Manager
Full disk encryption (in ConfigMgr 1910) – a closer look using real hardware
Enabling Full Disk Encryption in Microsoft Endpoint Configuration Manager 1910 in a task sequence

if none of this helps then let me know and i'll investigate in my lab
-
Autologon.exe task sequence SCCM2012r2
anyweb replied to Xavier62's topic in Configuration Manager 2012
hi and welcome,

first i'd recommend you use the Current Branch release of ConfigMgr, today that would be anything from version 2006 and later (you install the baseline version first CM2002) then upgrade.

next, your error 0x8007052e translates to "The user name or password is incorrect. Source: Windows"

so you should verify you are setting the username/password correctly

cheers
niall
-
@lalajee yup, that's why I had a Note: in step 5, shown again below ?

Note: This is an MDT integrated task sequence so if you want to use it please integrate MDT with ConfigMgr. You will get messages about missing content during the import, choose 'ignore dependencies' and it will import the task sequence steps anyway. However, you must then step through each step in the task sequence that references a package, and point it to the equivalent package on your ConfigMgr environment.
-
anything is possible you just need to think and then come up with a solution. this solution will detect the installed language pack, and you could use that detection method and expand it to work in your environment https://www.niallbrady.com/2016/05/17/introducing-the-windows-10-uefi-bitlocker-frontend-for-system-center-configuration-manager-current-branch
-
I'm not in front of my computer but this can be inverted so that you can get or set $OSDComputerName

    # set the task sequence variable from a PowerShell variable
    $tsenv = New-Object -COMObject Microsoft.SMS.TSEnvironment
    $tsenv.Value("OSDComputerName") = $OSDComputerName

I'll fire up my lab and show some examples shortly...

    # get the task sequence variable into a PowerShell variable
    $tsenv = New-Object -COMObject Microsoft.SMS.TSEnvironment
    $OSDComputerName = $tsenv.Value("OSDComputerName")
-
Trouble deploying Windows 8 using UEFI to HP Laptop
anyweb replied to DavidK's topic in Configuration Manager 2012
ok well then perhaps it would have been better to create a separate thread for this, seeing as it's got nothing to do with deploying Windows 8 to a HP computer...

anyway, you are testing a very default scenario, i'll compare my log to yours...

does your partition step look like this ? if not, show me a screenshot of your settings. in the Windows partition, have you verified that it does a Quick format ?

secondly, your vm has an A:\ drive, have you tried without that ?
-
Introduction

These are my notes from a session @ Microsoft Ignite 2020, the session was hosted by Steve Dispensa (Director of Program Management at Microsoft Endpoint Manager) and Ramya Chitrakar (Director of Engineering at Microsoft Endpoint Manager). For the last couple of years at Ignite I blog my notes for sessions I'm interested in as I always find it nice to later refer to this reading material and punctuate it with content I've covered, and sometimes the videos just flow by too fast and you miss out on important points. Where appropriate I'll link to content that I've covered that is referred to in the video.

This is part 2 of a two part series:

What's new in Microsoft Endpoint Manager - part 1
What's new in Microsoft Endpoint Manager - part 2 (this part)

As a reminder, Microsoft Endpoint Manager lets you manage your entire endpoint estate whether cloud native or on premise. On your cloud management journey, whether you've just started out, you've deployed co-management or you are completely in the cloud, Microsoft Endpoint Manager is truly your hub to unify security, apps, access, compliance and end user experience across your entire technology estate. MEM delivers analytics and data to keep you ahead of change so you can keep your cost down, no matter what change brings.

Focus on Security

With Covid, almost all businesses in the world are dealing with remote productivity, where users are working from home and other remote locations and that means it's never been more important to ensure uniform security policy. MEM provides a rich portfolio of capabilities to assist you with keeping your organization safe and sound.

"Start with Security Baselines to ensure your organization is following best practices and to ensure you have uniform application policy across your organization."
You can manage a host of security specific policies across devices including platform specific capabilities like encryption and firewall rules and advanced threat protection from Microsoft Defender ATP. Then you can move on to risk-based access control where MEM can monitor the compliance of devices in real time and that can be fed into Azure AD Conditional Access (a powerful access control system). Additionally you can deploy app control policies to provide compliance without fully managing a device, for example with BYOD devices.

With users working from so many locations, organizations need to deploy consistent policy either inside or outside corporate firewalls, which is the foundation of Zero Trust. MEM can ensure that your Zero Trust policy is deployed to all your devices.

Cyber threats and phishing attacks are increasing between 3 and 5 times and in a recent survey 89% of businesses see cyber security as a top priority yet 62% say they lack the in-house skills to deal with it.

The rapid shift to secure remote work presents a huge opportunity for partners and SMBs. Covid19 is increasing IT complexity and cyberattacks. Microsoft 365 Business Premium is a foundation for SMB management and security and contains everything from Teams, Conditional Access, to Azure AD to Intune and it can provide you a roadmap to maintain managed services for your customers as you light up new services for them every 6 months.

Microsoft 365 Lighthouse will provide guidance and experiences with onboarding new customers, offer consolidated insights across multiple tenants in a single pane to understand how customer tenants are configured and secured, and help improve customer experience and demonstrate value.
Demo

Configuring Microsoft Defender policy on servers managed by Configuration Manager

Below is a server managed by Config Manager, and using Tenant Attach it shows up in Microsoft Endpoint Manager. Using CMPivot, you can run queries on devices in MEM, in this example Ramya queries to see what antivirus service(s) are running on this server. Notice how the two instances found are both in a stopped state.

Note: I showed you how you can run CMPivot queries in MEM here.

You can now deploy Defender AV policies for devices managed by ConfigMgr in the MEM console. To do that go to the Endpoint Security node and select Antivirus, then Create Policy.

Windows Autopilot

Autopilot provides cloud value by simplifying the provisioning and management of Windows 10 devices. There is now a new ability in Windows Autopilot to work with co-managed devices that have the ConfigMgr client agent installed during the enrollment status page (ESP) and invoke a provisioning task sequence created in ConfigMgr. In the example the task sequence was a non-OSD task sequence, it was responsible for restoring files and settings for the user.

Company Portal changes

Company Portal is going to be the one place IT users go for everything related to enterprise IT services. Company Portal now supports apps from Configuration Manager, web apps from Azure AD and office.com. When you install an application you can monitor its progress in the Downloads & Updates tab. The PowerBI app here can be opened in a browser as it is a SaaS Azure AD app.

"This shows you how Microsoft Endpoint Manager is providing you with unified experiences across the spectrum from IT Pros to End Users."

Microsoft 365 is uniquely positioned to bring together the power of management and security. The Endpoint Security node in Microsoft Endpoint Manager is your one stop shop for managing security across your enterprise.
In there you can configure Antivirus, Firewall, Disk Encryption (BitLocker) policies and settings, but you can also configure Security Baselines. When Defender ATP is connected to MEM you'll see additional tasks listed such as Security tasks as well as device risk based compliance.

As Defender ATP was released recently for Android, you can now take actions on that in MEM. In this example, you can create a compliance policy in Endpoint Security to enable conditional access based on the Android risk score detected by Defender ATP. You can see this in action using the Eicar test virus on an Android device with Defender ATP enabled. After this happens, when the user launches Outlook, you can see Conditional Access kicking in. After the user uninstalls the test virus from their phone they are once again able to access email successfully.

Custom Compliance Policy

In this demo you can see how to create a custom compliance policy using a PowerShell script and a JSON file to manage Dell computers.

"BIOS must be up to date"

Using this new custom compliance policy you can block access using conditional access if, for example, the BIOS is not up to date. Those settings are configurable in the JSON file.

Security Settings for Microsoft Edge

Now you can use the Managed App settings in MEM to configure policy for Microsoft Edge on Windows devices. You can configure the home page and other settings for Edge. And on a remote user's device you can see conditional access informing the user in Edge that they cannot access corporate email while signed in with their private credentials, they must use their office account.

Using GPO Analytics to seamlessly migrate GPOs to the cloud
For more info see > https://docs.microsoft.com/en-us/mem/intune/configuration/group-policy-analytics

Once you've selected your GPO, click on Migrate to migrate group policy admx to the cloud.

There will also be a possibility of doing this via PowerShell and this will all be released as part of overall GPO to MDM capability.

Key Takeaways

Recommended reading

Working from home - the new reality
Introducing Microsoft Tunnel
Microsoft Productivity Score https://adoption.microsoft.com/productivity-score/
Endpoint Analytics https://docs.microsoft.com/en-us/mem/analytics/overview
Microsoft Endpoint Manager https://endpoint.microsoft.com
-
Trouble deploying Windows 8 using UEFI to HP Laptop
anyweb replied to DavidK's topic in Configuration Manager 2012
can you tell me a bit about the hardware you are using here and what operating system are you trying to install ? also, a screenshot of your task sequence would help
-
If you are one of the many, many IT admins who were asked to effectively transition a whole workforce to remote working overnight due to impact of COVID-19, you will no doubt also have been concerned about the security implications of doing so. One of the most powerful and effective means IT admins have of ensuring tight security with a remote workforce is through identity management and authentication. Azure Active Directory does exactly that and this upcoming webinar from Altaro on October 7 will teach you how to use Azure Active Directory in your business. As always Altaro will present this webinar live twice to allow as many people in different time zones to attend, ask questions and receive instant feedback from the presenters: IT security expert Paul Schnackenburg and Microsoft MVP Andy Syrewicze. This event will include a live demo of Azure Active Directory showing you how to use the tools being discussed which include: Microsoft Cloud App Security, Password Protection, Multi Factor Authentication (MFA), Windows Hello for Business, Privileged Identity Management (PIM), and Identity Protection & Conditional Access. Azure Active Directory is simply an essential tool for IT admins managing remote users. Save your seat for this valuable event and find out how you can optimize its use in your infrastructure. Save your seat!
-
i blogged it already here > https://www.windows-noob.com/forums/topic/21430-how-can-i-dynamically-install-windows-10-language-packs-and-associated-features-on-demand-in-an-offline-environment/
-
the key to getting this to work in your environment is to read my blog post, it reveals how i solved it, and you can adapt that to your environment.
-
Trouble deploying Windows 8 using UEFI to HP Laptop
anyweb replied to DavidK's topic in Configuration Manager 2012
yes, but i want to see what steps it is taking before the error, can you attach the log ?
-
Trouble deploying Windows 8 using UEFI to HP Laptop
anyweb replied to DavidK's topic in Configuration Manager 2012
can you attach your smsts.log so i can see what it is doing ?
-
@lalajee I've blogged it now take a look
-
Introduction

Sometimes you need to install Windows features that normally need internet access (to install other components). Language packs installed today are done in a modular and different format from previous years. In previous times you could simply install a language pack for the associated language and all was good, now there are additional components that also need to be installed otherwise Windows will attempt to download them from the internet (and notify you via the notification center if it cannot).

I needed to install Windows 10 LTSC version 2019 in an offline environment (with no internet access) and I also needed to configure language pack settings and configure keyboard layout. I came up with a solution that works for me and I thought I'd share it. You might know of a simpler or better way, if so feel free to comment.

Note: The LTSC (Long Term Servicing Channel) version of Windows 10 is suited for special environments, and environments without Internet certainly are special. I've even verified that the equivalent version of Windows 10 (aka Windows 10 version 1809) behaves the same way, in fact the screenshots used here are from Windows 10 1809, I didn't import LTSC into my lab yet. I've also tested this method with Windows 10 version 2004 (and the associated version 2004 LP and FOD files) and it works perfectly !

Step 1. Get the feature on demand packages

Normally if you install a language pack on a Windows 10 computer with valid internet, it will automatically download the associated features on demand for that language and those can include:

Display language
Text-to-speech
Handwriting
Speech recognition
Typing

You can see these additional items listed in the screenshot below. Depending on the language pack capabilities, some will have all of these and some will have only a few.
Most of these components (features on demand or FOD packages) can be found on the features on demand ISO for the respective operating system and you can download those ISOs from the Volume License Servicing Center (VLSC) website or go to Visual Studio downloads (formerly MSDN).

Below you can see some of the FOD packages listed on the mounted ISO. There are FOD packages for different types of function within Windows and the packages I was most interested in were any related to language (specifically). You may find that you want to install additional FODs for your particular solution.

If you scroll down the long list of FOD packages you'll see some that begin with Microsoft-Windows-LanguageFeatures, and they are sorted by country code (where applicable) into the following sections.

Microsoft-Windows-LanguageFeatures-Basic
Microsoft-Windows-LanguageFeatures-Fonts
Microsoft-Windows-LanguageFeatures-Handwriting
Microsoft-Windows-LanguageFeatures-OCR
Microsoft-Windows-LanguageFeatures-Speech
Microsoft-Windows-LanguageFeatures-TextToSpeech

such as below.

This was my first clue to solve this. I decided to copy all the LanguageFeatures FOD packages from the ISO to somewhere local. The next thing I found on the ISO was Metadata, so I copied that also.

Step 2. Get the Language packs

Finally, there are also Language Pack ISOs available for download for your respective version of Windows 10, and on that ISO are larger cab files containing the client language pack for each language that is available. You can find the language packs in the architecture folder on this ISO. They'll look something like this.

Step 3. Sort the downloads by country code

Now that you've got the necessary files, you need to decide which languages you are going to support during OSD and sort them into their own respective folders.
I copied language specific FOD packages and the client language pack for each language I was interested in into its own separate folder like below (sv-SE for Sweden), and then copied those folders onto my package sources folder on the ConfigMgr server. Note that some languages may have more (or fewer) FOD packages available than others, so copy all that are available on the ISO and you should be good to go.

The first cab file listed below is the Client Language Pack from the Language Pack ISO and the remaining 4 cabs are from the FOD ISO.

Next create another folder with the Metadata files within it.

Step 4. Create packages

In ConfigMgr, create a separate package for each language you intend to add support for and point it to the folder containing the Client Language Pack and FOD packages. Once you've created all the language pack packages, don't forget to create the Metadata package. Distribute the packages to your distribution points.

Step 5. Import the task sequence

To save you a lot of effort all you need to do is import my task sequence and then modify the package references to suit your environment.

Note: This is an MDT integrated task sequence so if you want to use it please integrate MDT with ConfigMgr. You will get messages about missing content during the import, choose 'ignore dependencies' and it will import the task sequence steps anyway. However, you must then step through each step in the task sequence that references a package, and point it to the equivalent package on your ConfigMgr environment.

After importing the task sequence, make sure to add your language packages (and metadata) to the appropriate steps that reference them otherwise this won't work, pretty much all of the xcopy steps will need a package attached to them.

Download the following, and import into ConfigMgr.

Windows 10 LTSC language packs without internet.zip

Step 6. A quick look at the task sequence logic

The task sequence works by first setting a variable, called Location.
You can set this as a step in the task sequence dynamically based on various inputs (such as DHCP IP address, gateway, computer variable, collection variable). That I leave up to you, I've forced this example to use Sweden as the location.

Next, it dynamically sets Language specific variables based on the Location set previously. You need to add one of these dynamic groups for each language you intend to support. The below screenshot shows two languages configured but you could have multiple.

Next (1) it injects the system, user, locale specific settings based on the dynamic variables set above.

SysLocale
UserLocale
InputLocale

The next group (2) copies the en-US language pack+FOD packages, and metadata. This is needed if you want to be able to switch languages via the input switch in the task tray (language bar).

Next, it dynamically downloads (3) the FOD package containing the needed files to add features on demand plus the language pack for the language you are adding support for.

It then uses a bunch of DISM commands (4) to inject the necessary FOD packages.

After that it sets some reg-keys (5) to deal with known issues relating to language packs cleanup before adding some more steps to allow both languages (en-US and sv-SE in this example) to display on the login screen using the input methods switch.

Step 7. Viewing the result

After all that hard work you'll want to see the end result. In this lab I've disabled internet access by simply powering off my Smoothwall (which controls internet to the lab). We can see in WinPE that there is no internet.

After selecting the task sequence it downloads the Operating System, applies it and then starts injecting the cab files and other dism operations. Below you can see it inject one of the FOD packages.

And below it's injecting the Client Language Pack, all of this is dynamic based on the Location variable.
After installation is complete the login screen shows no internet in the LAN connection, but the language is in Swedish.

When you attempt to login you'll see the language bar, awesome.

And after logging in, you will see that your chosen language pack is installed along with the necessary FOD packages, automatically and dynamically even without internet ! Awesome or what !

And of course you can use PowerShell to verify the installation of your language pack with Get-WinUserLanguageList.

Windows 10 version 2004

What about Windows 10 version 2004 ? It works perfectly using this exact same method, just switch out the Operating System wim file with the 2004 version and replace the FOD and LP packages with the correct version, see below.

Recommended reading

Add language packs to Windows - https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/add-language-packs-to-windows
Known issues - https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/language-packs-known-issue
Available languages - https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/available-language-packs-for-windows
Language and region feature on demand - https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/features-on-demand-language-fod
https://docs.microsoft.com/en-us/powershell/module/international/get-winuserlanguagelist?view=win10-ps
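
The per-language folder from Step 3 and the DISM injection from Step 6, as an added PowerShell example that is not the task sequence from the post: it checks that every cab in a language folder carries a valid Microsoft Authenticode signature (an added integrity check, useful when media is carried by hand into an offline environment) and then injects the cabs into an applied offline image. The script parameters, the file name patterns and the install order (language pack, then Basic, then the remaining language features) are assumptions.

```powershell
# Added example (not the task sequence from the post). Folder layout follows
# Step 3: one folder per language holding the Client Language Pack cab plus
# the LanguageFeatures FOD cabs. Parameter names are hypothetical.
[CmdletBinding()]
param(
    [Parameter(Mandatory)] [string] $LanguageFolder,  # e.g. the sv-SE package folder
    [string] $ImagePath,                              # root of the applied offline OS
    [switch] $VerifyOnly                              # check the cabs, inject nothing
)
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

# Install order (assumption): language pack, then Basic, then the other
# language features, with TextToSpeech ahead of Speech.
function Get-InstallRank {
    param([string] $Name)
    switch -Wildcard ($Name) {
        '*Client-Language-Pack*'          { return 0 }
        '*LanguageFeatures-Basic*'        { return 1 }
        '*LanguageFeatures-Fonts*'        { return 2 }
        '*LanguageFeatures-TextToSpeech*' { return 3 }
        '*LanguageFeatures-*'             { return 4 }
        default                           { return 9 }
    }
}

# Refuse any cab that is unsigned, altered, or not signed by Microsoft.
function Test-CabSignature {
    param([System.IO.FileInfo] $Cab)
    $sig = Get-AuthenticodeSignature -FilePath $Cab.FullName
    if ($sig.Status -ne 'Valid') {
        throw "$($Cab.Name): signature status is $($sig.Status)"
    }
    if ($sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
        throw "$($Cab.Name): unexpected signer $($sig.SignerCertificate.Subject)"
    }
}

$cabs = @(Get-ChildItem -Path $LanguageFolder -Filter *.cab -File |
    Sort-Object -Property { Get-InstallRank $_.Name }, Name)
if ($cabs.Count -eq 0) { throw "No .cab files found in $LanguageFolder" }
if ($cabs[0].Name -notlike '*Client-Language-Pack*') {
    Write-Warning "No Client Language Pack cab in $LanguageFolder"
}
# Anything that is neither the language pack nor a LanguageFeatures FOD
# does not belong in this package folder.
$unknown = @($cabs | Where-Object { (Get-InstallRank $_.Name) -eq 9 })
if ($unknown.Count -gt 0) {
    throw "Unexpected files in package folder: $($unknown.Name -join ', ')"
}

foreach ($cab in $cabs) { Test-CabSignature -Cab $cab }
Write-Host "Verified $($cabs.Count) signed packages in $LanguageFolder"
if ($VerifyOnly) { return }
if (-not $ImagePath) { throw '-ImagePath is required unless -VerifyOnly is set' }

foreach ($cab in $cabs) {
    Write-Host "Injecting $($cab.Name)"
    Add-WindowsPackage -Path $ImagePath -PackagePath $cab.FullName | Out-Null
}

# Confirm what the image now reports for language-related packages.
Get-WindowsPackage -Path $ImagePath |
    Where-Object { $_.PackageName -match 'LanguageFeatures|Language-?Pack' } |
    Select-Object PackageName, PackageState
```

Running it with -VerifyOnly against the package source folder before distributing the package catches a bad or swapped cab before it reaches a distribution point.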
-
SCCM BitLocker in MDT Task Sequence
anyweb replied to ace_ventura's question in Microsoft Deployment Toolkit (MDT)
then as long as the computer gets the configmgr client agent, and BitLocker Management policy, then they will get encrypted as per your policy, do you want to encrypt during OSD ? if so please review

If you can't use pre-prov during an MDT task sequence then you'll have to use the Enable BitLocker step in MDT to encrypt your devices.
-
looks like I have it working in my lab now, blog post coming soon ? Swedish Language pack installed (and all the other bits needed) Swedish regional settings set