Search This Blog

Loading...

Thursday, 17 June 2021

Welcome


Hi There,

My name is Dan, I currently work in London as a SCCM consultant on a working holiday from Australia.

I will be updating this blog from time to time with tips on application packaging and OS Deployment , specifically using MDT/SCCM.

If you have any questions dont hesitate to contact me.

LinkedIn: https://uk.linkedin.com/in/dan-padgett-36b982a5

Cheers,

Dan

Monday, 15 August 2016

Disable Microsoft Edge First Run



To disable Microsoft Edge first run you have to jump through a few hoops. Luckily i've done this for you.

Many blogs state that you just need to change the value of "IE10TourShown" in the following:

[HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main]

However this is not enough. To fix edge you need to set these values.



I deploy these values by Group Policy Preferences.

Open your relevant workstation policy and navigate to :User Configuration>Preferences>Windows Settings>Registry 

From here add a registry items for all settings above from HKEY_CLASSES_ROOT.





Next, create a folder (collection item) and within in add all the items above from HKEY_CURRENT_USER. Once added, right click on your collection folder, navigate the "common" tab, and select "Run in logged-on users security context (user policy option)" .





And thats it, with this set users should not see the "first run" edge wizard. Further configuration of edge can be made from Admin Templates>Windows Components>Microsoft Edge. 

Cheers, 

Dan 



Thursday, 19 May 2016

DirectAccess Troubleshooting

Hi All Direct Access users, 

If you experience clients who have not been able to ever connect to direct access, it may be because the initial GPO for Direct Access was never processed 100% successfully.

Please perform these troubleshooting steps.

Open command prompt and enter: reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters

If you see this:



This means IPV6 has not been enabled, to fix this, open the registry and change this value to 0.

You will now see.
                



If IPV6 Is fine, perform a “Ipconfig /all”

You should see the the adaptors named:

                


If you do not see these adaptors, you need to manually install the Teredo Adaptor. To do this Open Device Manager > View: Show Hidden Items

Click “Action/Add Legacy Hardware”


                

Click Next>”Install the hardware I manually select from a list”

Scroll to “Network Adaptors” and click Next, wait.

Select Microsoft/Microsoft Teredo Tunneling Adaptor and install.
               
               



Reboot and test direct access again, it should now work.

Cheers,

Dan


Tuesday, 17 May 2016

Windows Phone 8.1 Will Not Enroll To Intune

Oh Microsoft.. you mysterious beast.


I was recently informed by one of my Techs that he could not enroll a Windows Phone to our Hybrid Intune/SCCM setup. I found this quite strange as nothing on our end had changed significantly, well other than updating my SCCM to 1602 a few weeks prior. I tested a IOS device and it enrolled just fine.

A small diagram on how Intune in Hybrid mode should work:



The user he was trying to enroll was getting the following error on a windows phone:




Early investigating led me to checking the relevant log files for Intune, this is what i saw in the dmpdownloader.log






ConnectorSetup.log  showed the following:
 "<05/09/16 16:42:29> CTool::RegisterManagedBinary: Failed to register C:\Program Files\Microsoft Configuration Manager\bin\x64\IntuneContentManager\Microsoft.ConfigurationManager.IntuneContentManager.dll with .Net Fx 2.0"

The SC_Online_Issuing certificate was showing the following:



Steps i performed to attempt to remedy these issues were:
I did the following:


1.       Manually removed cert.

2.       Removed service connection point

3.       Removed Intune subscription

4.       Rebooted site server

5.       Setup intune/scp

6.       Certificate regenerated.
After performing the above i tried re-enrolling a Windows Phone 8.1 and received the same error. I ended up performing the same steps above a number of times. 
At this point i took to Microsoft and logged a support call. I was already drinking heavily at this time in frustration to what seemed to be an unfixable problem. I tried everything i could think of......but sometimes the most painful issues have the stupidest fixes...or so it is when dealing with Microsoft products. 

This is the resolution from microsoft!

Go to Administration >>Cloud Services>>>Right Click on the Intune Subscription >>>and configure Platforms
Click on Windows Phone 8.1 uncheck, then apply the change, then recheck. 

Of course! why didnt i think of that! I would have assumed removing the ENTIRE CONFIGURATION four times would have accomplished this. From what i can see this isnt documented anywhere, so i hope this solves your issue if you run into the same problem.

NB. The errors you see in the screenshots like "check whether this site has an intune subscription" seem to be a red herring, they dont actually indicate an issue as far as i can tell. 

Cheers, 

Dan 



Friday, 6 May 2016

Exchange: List all ActiveSync Users & PhoneNumbers

Here is a script that will list you all Exchange users with a specific ActiveSync policy, it will link the users to their AD objects and list their Mobile Number if present.

Hopefully this helps someone..


Cheers,

Dan




Remove Objects Powershell Tool



Hi All,

Like most of you i try and make peoples lives easier and remove repetitive tasks. If you are like me and use "All Unknown Computers" to deploy your OSD to you will also be fairly familiar of making sure you have cleared an object from the SCCM Database before trying to reimage, otherwise ... well its not Unknown now is it?

Typically this would involve a tech opening AD searching for the computer and removing it, then opening the SCCM console and doing the same.


I thought i would write a simple little tool to take the repetitiveness away..  here it is in action:



The tool will list all objects in your specified OU with name and description. You can then either delete from SCCM, AD or Both.


Here is the full Code.

I suggest saving this as a .ps1 file and then compiling to an EXE with PowerGUI or similar.

You will need to edit lines:

263 (SCCM Server Address).
264 (SCCM Site Code XXX)
265 (AD SearchBase)

Cheers!

Dan



Thursday, 28 April 2016

Warning! KB3148812 breaks WSUS server!

Beware! I got a notification on my SCCM server that it was failing to get updates, checked the logs and was presented with this..






note the date started...

The behavior was the WSUS service was stopping itself for no apparent reason, windows logs showed: "The WSUS Service service terminated unexpectedly.  It has done this 4 time(s)."




So i then checked any updates applied to my server on that date and found.




How ironic, windows update breaks windows update.  As soon as i removed the KB everything started to work again!