anyweb

if it exit's with 99 the ts will never start, the ts can only start if it exits with exit code 0, and as we know we are about to start the ts we clear the numberofupgradedefers reg key

and i've updated the main script with that fix now fyi

good point, fix added, here's the fix ' delete the number of deferals left, so the next forced upgrade will start with 5 deferrals KeyToDel = "NumberOfUpgradeDefers" DeleteRegKey(KeyToDel) i'll update the script with this fix shortly

is the hardware old, have you tried upgrading the bios in the start of the task sequence on models that are failing

new computer install or upgrade ?

mine is loading boot.sdi fine and even the boot wim, but it takes 20 minutes or so to load that boot wim, so it's painful

according to this link the following actions are available for alerts So have your alerts state changed to cancel ? can you show a screenshot ? cheers niall

thanks for posting the solution ! i'm also seeing really slow network boot on some vmware workstation labs I have... it would be great to increase that speed somehow

you can upgrade directly but you'll need to be running a supported version of SQL server, the path to SCCM 1710CB is roughly as follows upgrade SQL to a supported version Upgrade SCCM 2012 R2 SP1 to SCCM 1702CB Upgrade SCCM 1702 CB to SCCM 1710CB Apply the SCCM 1710CB hotfix you can also do an inplace upgrade of server 2012r2 to server 2016 but you'll need to uninstall WSUS 3.2 first and reinstall WSUS after the upgrade

once again, don't create a test environment in production, you'll regret it later. Get a laptop or desktop with 16GB or ram and 500GB ssd and install AD and SCCM virtual machines on that, can you not do that instead ? if you use the production environment to do your test environment then all i can say is read what i said above cheers niall

you should separate your test environment from production entirely, i.e. use a separate test vm environment with separate AD, SCCM, etc virtual machines that you test with, I wouldn't mix or recommend using a test lab in production here's a guide to setup your test environment

hi Zer0, you need to enroll your devices before they get policy, and it's policy which decides what get's managed, installed and so on, to enroll the device click on All Settings, Accounts, Access work or school, Connect and enter the credentials of a user that is licensed to use Intune, once it is enrolled you should be able to sync policy and get office installed (and the start menu), to automate enrollment, follow my guide here. fo

hi are you saying your alert status has not changed since you posted originally ? what version of sccm cb are you on ?

Introduction On Windows 10 version 1607 and earlier during Windows 10 upgrades from one version to another, after the computer reboots to upgrade the operating system you'll see a screen similar to the below At this point you could press Shift and F10 to bring up a command prompt, which is extremely useful if you need to check a log file, verify driver installation or to do troubleshooting. The screenshot below is from Windows 10 version 1607 which was being upgraded from Windows 10 version 1511. Security changes everything However there's a downside to this, having the ability to open a command prompt in the wrong hands could mean elevation of privileges or data theft. We all know that security is a big focus with Microsoft and as a direct result of the concerns above, the diagnostic prompt ability was disabled by default in Windows 10 version 1703 and later. That's all well and good for Joe public, but what about the SCCM admin who is trying to debug a task sequence ? Fear not, help is at hand. To re-enable the Diagnostic command prompt (Shift F10 during Windows setup in an upgrade scenario) you need to modify your task sequence to set a variable, and that variable is called OSDSetupAdditionalUpgradeOptions which is described here. This variable allows us to pass command line options to Windows setup during the upgrade and that's how we'll re-enable the diagnostic command prompt, however we don't want it available to everyone, except those 'in the know', aka the SCCM admins who need more info while troubleshooting. Step 1. Set a task sequence variable To make this work you need to add a Set Task Sequence Variable step before the Upgrade Operating system step in the Upgrade Task Sequence, like so. Task Sequence Variable: OSDSetupAdditionalUpgradeOptions Value: /DiagnosticPrompt enable Step 2. Add Options to limit exposure (optional) To limit the exposure of this diagnostic command prompt to only you (or your admins), you can add an option on the step to check for a file, reg key, variable or something that works for you, in this example, you'll look for the presence of a file on C:\ called windowsnoob.txt. Note: As stated, you can use whatever method you wish to limit exposure, Mike Terril has a nice blogpost on using collection variables to achieve something similar here. Step 3. Test it ! That's it, apply the changes and optionally create a file called windowsnoob.txt on C:\ on a computer you intend to test this on. Here's the file, created by the SCCM admin who plans on troubleshooting an Upgrade. Starting the upgrade... Before the reboot you can see the check for the file presence step is here, and as the file was present, the set task sequence variable step will run and here you can see the option has been appended to the Setup.exe command line by opening C:\Windows\CCM\Logs\SMSTSLOG\smsts.log in CMTrace After rebooting into the Windows Setup portion, try pressing Shift and F10 together, if everything went ok you'll see this. So that's it, now you know how to re-enable the Diagnostic command prompt during Windows 10 1703 or later upgrades and to do it in a reasonably limited way. Related reading https://docs.microsoft.com/en-us/sccm/osd/understand/task-sequence-action-variables https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-setup-command-line-options

i've just downloaded it, and tested it on my surface Pro 4 with power not connected and i see this, in other words, it's working fine...by the way the battery check only occurs AFTER the user clicks on Upgrade Now... or the 5 defers and 4 hours timeout are done, can you checek the Windows10RequiredUpgradeWrapper.log file and see what it states for that check ? also, did you make any modifications to my script ? maybe you accidently bypassed that step somehow

so to confirm, do you not see any of the folders and reports shown here ?

We can all recognize that Microsoft licensing is not only complex, but can change at any given moment across hundreds of different products. Implementing an effective software management program is important to keep on top of these changes, avoid audits, and help save your organization tens of thousands of dollars annually by providing clear data visibility to reclaim under-utilized software licenses. Many organizations rely on manual processes and programs like Excel to track software assets with limited visibility to software usage – a time consuming and error-prone process that produces inaccurate and incomplete data. Others try to leverage Software Metering and Inventory Data within Microsoft Configuration Manager to gain insight into their assets. While a step in the right direction, this also does not provide a complete or accurate picture to optimize spend and reduce risks. Attempting to cleanse and manually normalize the raw inventory data from Configuration Manager while trying to keep up with the Microsoft Licensing rules for each product that could change at any given moment can be extremely time consuming. So how do you gain control of your Microsoft licensing? Cireson believes managing Microsoft software licensing doesn’t have to be expensive or complicated. This is why they recently released True Software Asset Management for Microsoft Licensing, a beautiful and simple solution that natively integrates with Microsoft Configuration Manager to leverage your existing investment. True Software Asset Management helps with every stage of the SAM journey, from importing and managing your asset data, to data normalization with the Global Content Library, and finally providing the ability to truly manage compliance and optimize spend with visibility to your calculated license position leveraging the License Calculation Engine. With the data you need at your fingertips, everyone in the organization can make informed decisions for Enterprise Agreement renewals, contract negotiations, as well as license reclamation and redistribution as needed. Benefits include: Automatically calculate your Microsoft license position Ensure compliance Optimize spend Normalize software data with the powerful Global Content Library Identify opportunities to reclaim under-utilized licenses Provide visibility to excess licenses Prepare for upcoming Enterprise Agreement renewals Understand license position for improved contract negotiations Leverage product use rights to reduce consumption Connect Microsoft Configuration Manager to bring in device data How True Software Asset Management can help solve Microsoft licensing challenges across your organization. No matter your job function, True Software Asset Management puts the data you need at your fingertips to reduce costs and ensure compliance of your Microsoft license estate. Take a look at some common challenges solved by role. SAM Manager Automatically calculate Microsoft license compliance Eliminate time intensive and manual product license calculations Optimize spend with an accurate, complete picture of your Microsoft license data Reduce errors from manually maintaining license entitlement data Procurement Manager Improve contract negotiations with accurate Microsoft license data Reduce spend on renewals and under-utilized applications Make informed purchase decisions with better visibility into license data Insert bullets from website IT Management Ongoing visibility to under-utilized, non-compliant and excess licenses Prepare audit defense Reduce costs of unbudgeted true-ups Forecast software needs and create annual budgets with accurate Microsoft license data Leverage your existing SCCM investment with direct integration into True SAM IT Administrator Reduce time to manage, maintain, and support your SAM solution Automatically track credentials and network access for Server applications Gain accurate, real-time reporting Schedule data import with preconfigured connectors to SCCM, Active Directory, Office 365, or CSV files Get started with a free demo today or take True SAM for a spin in the online demo lab.

I've previously blogged about Cireson's venture into SCCM management with their excellent ConfigMgr Portal. I'm happy to report that they havn't stopped there, they've listened to feedback and built upon that product to release a new product called Cireson True Control Center and below is a blog from Billy Wilson @ Cireson. Do yourself a favor and check it out ! I know I will ! cheers niall “With great power, comes great responsibility.” I heard that in a movie once. This is a quote that Microsoft System Center Configuration Manager Admins know all too well. Configuration Manager has a lot of power to manage a company’s servers and workstations from a central point. Gone are the days of carrying around discs to put an OS or application on a workstation or server. Also having to deal with multiple versions of multiple Operating Systems at multiple patch levels (if any). Then being told by the boss right before budget time, “Go forth and view the land and tell me everything we have, where it is, and who is using it.” With my Console, I can send out standardized images and applications from the comfort of my ergonomic chair and pull information from any of several hundred reports. That’s the great power. The great responsibility comes from the fact that if I am not paying attention, I can literally bring down every server, workstation, ATM, and/or slot machine (many ATMs and slots use Windows…fun fact) in my company from that same comfortable ergonomic chair. Its happened with SCCM before. There are career-ending horror stories (Google it). So, SCCM Admins must be on the ball and careful as the ultimate accountability for any mishaps with the system lies exclusively with them. So, when the Service Desk Manager comes by and asks if we can deploy the Configuration Manager Console to his or her team because they need to get response times down and don’t want to wait for me to deploy an app or get them info on a computer, I understand where they are coming from. I was there once. However, there’s no way I am giving out that Console willingly. Setting up RBAC so that a Service Desk person doesn’t re-image the Domain Controllers isn’t a lot of fun. And if anything goes wrong, do they hammer the Service Desk person? No, they don’t. The torches and pitchforks are all aimed at…. Giving the console out to anybody who isn’t a trained Configuration Manager Admin keeps people like me awake at night. But the need is still valid and Cireson has answered the call with True Control Center. True Control Center (or TCC) is a web-based Portal that SCCM Admins can provide to other levels of IT so that they can utilize the power and utility of Configuration Manager (and then some) to make their day-to-day lives more productive. However, the Admin has the ability to easily limit and target that power and utility so that these Analysts can do only what the need to, only to the users and computers they should access, keeping the rest of the company safe and allowing the Admins to sleep better. Here are some of the key benefits and features of the True Control Center. Web Based True Control Center is a web-based Portal that is easily installed, configured, and hosted. No more deployment of the Configuration Manager Console. Access from anywhere in the company using Windows authentication. Power and Utility with Remote Manage Information can be at your fingertips. You can give your Analysts the ability to access computer data such as: Current health status Network information Uptime Hardware information Installed Applications Installed & available Software Updates Currently running processes Current status of services Status of Software and Task Sequence deployments Primary User information (if you are utilizing UDA) They can access user data such as: Active Directory information Primary Device information Status of User-based Software Deployments You can also provide access to any or all of the hundreds of out-of-the-box ConfigMgr SSRS Reports that you find relevant to the Analysts’ job responsibilities and, if that isn’t enough, export the results of views directly to Excel or PDF! And that’s just information. You can also provide Analysts the access to perform the following functions on computers remotely: Deploy Applications, Software, and Task Sequences Initiate Config Man Client actions such as Heartbeat DDR, get client policy updates and hardware and software inventory cycles Reboot or shut down Create a PowerShell remote session RDP or initiate a Config Man Remote Control session Repair or uninstall the ConfigMan client or WMI Clear or clone app deployments Add or remove computers from Collections Terminate processes or stop and start Windows services Add or remove Primary Users Add and configure MDT roles Create and manage Applications, Software, or Task Sequences Add, pre-register, or import computers into Config Man For End Users, you can give Analysts the capability to: Initiate user-based application deployments Reset or unlock their AD accounts and passwords Manage their primary devices Integrated Not only does True Control Center integrate with Configuration Manager but it can also integrate with MDT. You also have the ability to link to External Tools so that you can initiate action on other systems and pass in data, such as creating an Incident or Change Request for a computer. Peace of Mind As a Configuration Manager Administrator, True Control Center will give you the ability to provide the power and utility with mitigated risk. Access to the data and actions above are easily scoped to Analyst role via Active Director group membership. You have the power to limit what computers, users, and software that a group of Analysts can even see in their Portal using any criteria that makes sense for your organization. You can make it so that there is no possible way the someone could accidentally push and application or OS to a server or collection. The result for an Analyst group such as Service Desk could be… You can also provide Analysts templates so that they do not have to remember what settings go with which deployments. There are even templates for adding Applications and Task Sequences to Config Man through the Portal as well. We help you take the guess work out and keep the amount of training required for an Analyst to use the Portal to a minimum. Easy training and offloading tasks will help you be more productive in your day as well and that is money. The fact of the matter is… the Configuration Manager Console was designed for Admins, not Analysts. Being able to offer a safe, intuitive, and easily accessible alternative will allow you to make your Service Desk Manager’s day and maybe your average work day, a bit more peaceful. Get started with a free demo today or take True SAM for a spin in the online demo lab.

Introduction Occasionally you want to inform users about something, such as the need to update or install software, and the easiest way to do that is with some sort of a popup notification. The ability to do that in Microsoft Intune is not currently available in the product although it is a Uservoice item in progress. In the meantime however, if you need to send a notification to users of Windows devices in Microsoft Intune, it's possible using PowerShell and here's how to do it. The idea here is that you can customize the PowerShell script to deliver the message you want (and if necessary take possible actions, however you need to add your custom code to the script and it must not exceed 200KB). the screenshots below are taken on a Windows 10 version 1709 device enrolled into Intune, the device is logged on as a user with normal permissions (not an Administrator) and this was configured with Windows AutoPilot. Note: The Intune management extension which is used to run the PowerShell script has the following prerequisites: Devices must be joined to Azure AD Devices must run Windows 10, version 1607 or later Step 1. Download the script Download the DisplayMessageInIntune.ps1 script. DisplayMessageInIntune.zip Step 2. Edit the script in ISE Launch PowerShell ISE and open the extracted downloaded script. Scroll down to the following values. The values are currently set as PowerShell Parameters with the hope that the current functionality in Microsoft Intune will support Params with PowerShell scripts in the future (I've requested this ability as a DCR to Microsoft directly). If this ability does come to Intune then I will blog an update to this post explaining how to make it dynamic. When you've changed the message title and message body, you might also want to change the Type and Option available to the user, below are the values you can configure. $Option can be any of the following values "OK" "OKCancel" "AbortRetryIgnore" "YesNoCancel" "YesNo" "RetryCancel" $Type can be any of the following values "Asterisk" "Error" "Exclamation" "Hand" "Information" "None" "Question" "Stop" "Warning " Finally after line 69 you can add any additional code you want, for example to check what key was pressed etc. Step 3. Upload the script to Microsoft Intune In the Intune service in Azure select Device Configuration and click on PowerShell Scripts. In PowerShell scripts, click on Add. Enter the following values: Name: "Display a message in Intune" Description: "Using PowerShell to messages in Intune" Script location: DisplayMessageInIntune.ps1 Next click on Settings, Configure to see the options available, Change the first option so that the script runs with the same permissions as the logged on user. Click OK when done and then click on Create to create the PowerShell script in Intune. Next click on Assignments to assign the PowerShell script to a Group of Users. To do that, click on Select Groups and then select a Group of Users that you'd like to assign this to. Next click on Save to save this group. Step 4. Review what happens on a Windows device On a Windows device, logon using the credentials of a user that is in the selected group that you assigned the PowerShell script to. Tip: You can restart the Microsoft Intune Management Extension service (as a user account with Administrator permissions) rather than wait one hour for that extension service to run the PowerShell script. Note: Your users don't need to do the service restart, this is just so you get instant gratification and can review the end-result. After the policy is received the message popup is displayed on top of all windows. result ! Troubleshooting You can review 2 logs files, one is the log file for Microsoft Intune Management Extension: C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\IntuneManagementExtension.log and the other is generated by the PowerShell script itself: C:\Windows\Temp\DisplayMessageInIntune.log Note: If you want to display the message to a user in SYSTEM context then download serviceUI.exe from the MDT toolkit and launch powershell with that exe, like so... and create a Win32 App instead of using a PowerShell script option. ServiceUI.exe -process:explorer.exe %SYSTEMROOT%\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -File DisplayMessageInIntune.ps1 Recommended reading https://docs.microsoft.com/en-us/intune/intune-management-extension https://oliverkieselbach.com/2017/11/29/deep-dive-microsoft-intune-management-extension-powershell-scripts/ https://www.petervanderwoude.nl/post/combining-the-powers-of-the-intune-management-extension-and-chocolatey/

interesting and thanks for sharing but we found out the issue, it's related to DMA as described in these links, so a GPP will solve it for now https://blogs.technet.microsoft.com/secguide/2018/01/18/issue-with-bitlockerdma-setting-in-windows-10-fall-creators-update-v1709/ https://support.microsoft.com/en-gb/help/4057300/devices-not-working-before-log-on-a-computer-running-windows-10-1709

hi Alex my guide does not cover SQL AlwaysOnAvailability, so if you need it please add it to the SQL installation PowerShell script and post your results here for others to use cheers niall

it all depends on your hardware manufacturer, so to enable the TPM on Dells is of course different to enabling it on HP's, both require the vendors tools and specific steps to do so,

thanks, i don't see why not, try it and let us know

ok got it and replied

no email received ! who did you send it to ?