anyweb

woo hoo

I'm checking with Microsoft, in my lab at least there were no BitLocker keys in AD but perhaps we need to configure something in order for this to happen, let's see if i get a reply... The replies I got simply reminded us that this feature in SCCM is still in preview, i.e. work in progress. Also, storing the keys in AD is not MBAM specific but via GPO's. Watch this space to learn more about when the feature goes public in the Current Branch releases.

it can be confusing in the beginning, thing of https://portal.azure.com as the place where all cloud services are stored including Microsoft Intune and AzureAD which are both services in Azure. you can use https://devicemanagement.microsoft.com/ for Intune and Office365 related activities or you can manage Intune directly as a service in portal.azure.com, to manage/admin stuff directly in Office365 use https://admin.microsoft.com/ you'll find it starting to make sense as soon as you dig into to, in that the multiple portals can all be used to manage users/devices/licenses/subscriptions.. cheers niall

ok just tried it, it worked fine. also i don't have any 1802 in my script, so please double check what you've downloaded, it should be dated April 2019.

ok well i gues i'll have to revert my lab to that step to determine what your blocker is.

well they are all intertwined to be honest, but I'd start by learning Microsoft Intune, it can encompass Azure, AzureAd and optionally Office 365.

thanks for the thanks !

sorry, i mean is that user in the local administrators group on that server ?

If you use vSphere on a daily basis, this a webinar you simply cannot miss! vSphere Automation Masterclass Automation is key to maximizing the potential of vSphere, especially if you’re managing multiple systems and want to achieve as much with your time as possible. Did you know that most tasks in vSphere can be performed using automation? Did you know that the cloud can be used to conduct configuration changes for an on-premises cluster? Automation is an essential aspect of the modern-day vSphere administrator, and even if you are currently automating vSphere tasks, you might be unaware of the full possibilities it can deliver. In this webinar, presenters Andy Syrewicze (VMware vExpert) and Luke Orellana (VMware vExpert) demonstrate powerful automation techniques that will enable “turbo-mode” for your datacenter. This webinar will feature several live demos covering: ● The basics of PowerCLI ● Deployment Automation ● Desired State Configuration for vSphere ● Cloud Integrations ● And more! vSphere Automation Masterclass will be held on June 20th and as always the webinar will be presented live twice - at 2pm CEST/8am EDT/5am PDT and at 7pm CEST/1pm EDT /10am PDT. The reason they go through it all twice is to try and cater for live audiences on both sides of the Atlantic. Both sessions have the same content so it’s just a way of enabling as many people as possible to attend live and have the opportunity to ask questions live! I’ll be attending the event and if you vSphere on a daily basis then this is a must-attend event for you too! Join me and save your seat today Webinar Title: vSphere Automation Masterclass presenters Andy Syrewicze (VMware vExpert) and Luke Orellana (VMware vExpert) Date: Thursday, June 20, 2019 Session 1: 2pm CEST / 8am EDT / 5am PDT Session 2: 7pm CEST / 1pm EDT / 10am PDT Save your seat now!

is that user a sql SA ?

hmm maybe use bits out of my DisplayMessageInIntune.ps1 script shown below <# # niall brady 2018/1/26 # simple script to display a popup message in Microsoft Intune # Customize the message by editing the variables # $Option can be any of the following values "OK" "OKCancel" "AbortRetryIgnore" "YesNoCancel" "YesNo" "RetryCancel" $Type can be any of the following values "Asterisk" "Error" "Exclamation" "Hand" "Information" "None" "Question" "Stop" "Warning " $WhichButtonHasFocus indicates the default button (that initially has focus). This is required if the DefaultDesktopOnly parameter is used. DefaultDesktopOny forces the message box on top. #> param ( [string]$title = "www.windows-noob.com (c) 2018", [string]$Message = "This is a popup message in Microsoft Intune !", [string]$Option = "OK", [string]$Type = "Information", [string]$WhichButtonHasFocus = "Button1", [string]$OnTop="DefaultDesktopOnly", [string]$ReturnCode = 0 ) Function LogWrite { Param ([string]$logstring) $a = Get-Date $logstring = $a,$logstring Try { Add-content $Logfile -value $logstring -ErrorAction silentlycontinue } Catch { $logstring="Invalid data encountered" Add-content $Logfile -value $logstring } write-host $logstring } # script starts here $Logfile = "C:\Windows\temp\DisplayMessageInIntune.log" LogWrite "Starting DisplayMessageInIntune script..." [System.Reflection.Assembly]::LoadWithPartialName(“System.Windows.Forms”) [Windows.Forms.MessageBox]::Show(“$message”, “$title”, [Windows.Forms.MessageBoxButtons]::$Option, [Windows.Forms.MessageBoxIcon]::$Type,$WhichButtonHasFocus,$OnTop) #[Windows.Forms.MessageBox]::Show(“$message”, “$title”, [Windows.Forms.MessageBoxButtons]::$Option, [Windows.Forms.MessageBoxIcon]::$Type,$WhichButtonHasFocus) LogWrite "Ending DisplayMessageInIntune script... with returncode $ReturnCode" Exit $ReturnCode or going back to your edits, i notice you have a 'write host' to display the value do you ever see that ? i doubt it, therefore i'd add logging, you can use the LogWrite function I have in my Intune powershell script as it logs everything and then modify it to capture the results of the click (and value) ok ?

you are welcome !

<![LOG[Expand a string: equals]LOG]!><time="14:23:44.440+180" date="06-07-2019" component="TSManager" context="" type="0" thread="9592" file="utility.cpp:790"> <![LOG[Expand a string: ReturnCode]LOG]!><time="14:23:44.440+180" date="06-07-2019" component="TSManager" context="" type="0" thread="9592" file="utility.cpp:790"> <![LOG[Expand a string: 1]LOG]!><time="14:23:44.440+180" date="06-07-2019" component="TSManager" context="" type="0" thread="9592" file="utility.cpp:790"> <![LOG[The action (Cancel = erreur) has been skipped because the condition is evaluated to be false]LOG]!><time="14:23:44.440+180" date="06-07-2019" component="TSManager" context="" type="1" thread="9592" file="instruction.cxx:696"> <![LOG[Not in SSL]LOG]!><time="14:23:44.483+180" date="06-07-2019" component="TSManager" context="" type="1" thread="9592" file="libsmsmessaging.cpp:10091"> <![LOG[Clear local default environment]LOG]!><time="14:23:44.509+180" date="06-07-2019" component="TSManager" context="" type="0" thread="9592" file="executionenv.cxx:809"> <![LOG[Execution of the instruction (Cancel = erreur) has been skipped]LOG] you are only checking for ReturnCode=1 not zero from what I can see..

can you attach your smsts.log so i can see that step being executed please ?

I've seen errors configuring the SQL Server memory when you are logged on as the wrong user, make sure you are logged on as the domain\user specified in the script, look at line 20... I think the user must be a SA to do the sql server memory change, but can't remember, please verify what user you are running this as... and i don't think domain\administrator is a SA....

hi Kevin, you could set a variable in the PowerShell script and use that to hold the value, something like this $tsenv.Value('WhatValue') = $ReturnCode then check for the value of that variable in your task sequence by checking for %WhatValue% (create an option on a step) so it seems you are already doing something like that (but have it remmed out)

did you see this ?

ah my bad, thanks for the heads up. I mixed up some old/new scripts... i've re-uploded them for parts 4-6, should be fine now, please check.

it will wait until the user presses ok or until the step timesout, you can adjust the timeout on the step

good point... so can you fill me in with why you want to do this, give me a scenario...

it's up now !

Introduction This multi-part guide will show you how to install the latest baseline version of Configuration Manager from Microsoft. The latest available baseline version is System Center Configuration Manager (Current Branch) version 1902 as of April the 10th 2019. I blogged how to upgrade to 1902 here. This guide is aimed a new installations of SCCM. Baseline media is used to install new ConfigMgr sites or to upgrade from supported versions, for more information about baseline media please see my blog post here. This series is broken down into the following parts:- Part 1 - Get the lab ready, configure ADDS Part 2 - Join CM01 to Domain, add users, create the Systems Management container, delegate permission Part 3 - Role and Feature installation, installation of WDS and ADK Part 4 - Configure and install SQL Server 2017 Part 5 - Configure and install SCCM 1902 Current Branch Part 6 - Create device collections (This part) Part 7 - Configuring discovery Part 8 - Configuring boundaries You can use this multi-part guide to get a hierarchy up and running on Windows Server 2019 using SQL Server 2017. The concept behind this is to guide you through all the steps necessary to get a working Configuration Manager Primary site installed (for lab use) using manual methods or automated using PowerShell. This gives you the power to automate the bits that you want to automate, while allowing you to manually do other tasks when needed. You decide which path to take. PowerShell knowledge is desired and dare I say required if you are in any way serious about Configuration Manager. I will show you how to do most steps via two methods shown below, it's up to you to choose which method suits you best but I highly recommend automating everything that you can, using PowerShell. Method #1 - Do it manually Method #2 - Automate it with PowerShell Downloads The scripts used in this part of the guide are available for download here. Unzip to C:\Scripts. The scripts are placed in the corresponding folder (Part 1, Part 2 etc) and sorted into which server you should run the script on (DC01 or CM01). Scripts.zip Step 1. Create device collections Note: Perform the following on the Configuration Manager server (CM01) as a Local Administrator In this part you'll create some device collections to prepare your lab for Servicing Windows 10, whether using WAAS (Windows As A Service) or using the Inplace Upgrade (IPU) Task Sequences built into ConfigMgr. The collections created include some based on the recently released Windows 10 version 1903. Method #1 – Do it manually You can create collections using the ConfigMgr console and clicking your way through the wizard, you'll need to add membership queries to populate the collections, and include Include or Exclude rules as appropriate. To create collections manually open the Assets and Compliance node and select Device Collections. Right click on Device Collections and choose Create Device Collection. In the wizard that appears give the collection a name, eg: All Windows 10 and limit it to another existing collection by clicking on Browse and selecting an existing collection to limit to for example All Systems. A limiting collection decides what collection members of this collection must be in first in order to appear within this collection. Next you decide how you want the collection to populate with members, the most common method of populating a collection is to use a query, so click on the Add Rule drop down box and selct Query Rule. Doing so brings up the Query Rule properties screen, give the query a suitable name such as All Windows 10. Next click on Edit Query Statement and then select Show Query Language Note: In a production environment be very careful about editing query statements on 'live' collections that have Task Sequences, Packages or Applications deployed to them, otherwise you can have unintended results by making a mistake with the query. In the Query statement properties screen, remove the current query (which basically selects EVERYTHING in your environment) and in its place, paste in a working (known good) query, for example for All Windows 10 use the following query. select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_OPERATING_SYSTEM on SMS_G_System_OPERATING_SYSTEM.ResourceID = SMS_R_System.ResourceId where (SMS_R_System.OperatingSystemNameandVersion = 'Microsoft Windows NT Workstation 10.0' or SMS_R_System.OperatingSystemNameandVersion = 'Microsoft Windows NT Workstation 10.0 (Tablet Edition)') Click OK to close the Query Rule Properties screen. Next you can optionally adjust the membership schedule by clicking on Schedule. Click your way through the rest of the wizard, once done, the All Windows 10 collection will appear. Repeat the above process to add all your other desired collections for Windows 10 and WAAS. Method #2 – Automate it with PowerShell To automate the creation of a bunch of device collections simply run the CreateDeviceCollectionsWindows10.ps1 Powershell script by starting PowerShell ISE as an Administrator on the ConfigMgr server (CM01). awesome ! Below you can see the script has run And after refreshing the console, all the new collections (with queries added) appear. Please join me in Part 7 where we'll configure discovery.

hi the powershell script is there, you just need to be logged in as a member to download it, so please try again. the reason your popup doesn't appear is because it's running as system context, so you never see it (but SYSTEM does...), that's why we use ServiceUI.exe to get around that problem

sorry, me too, I will get it done and hopefully add a part 7 also, I'll try and resume it this weekend, just other things have taken priority.

thanks @daemon