I’ve been struggling to get SCCM 1602 and imaging of windows 10 to play nice and the below is one of the latest issues I’ve encountered. If your running Windows 10 build 1511 and try to capture you might encounter error code 0x00004005. One of the possible causes can be all the Appx packages (Candy Crush and Twitter etc.) Microsoft decided to install even in Enterprise edition (that one I don’t understand I could see home even pro but enterprise?). As was pointed out in this technet article running a Get-AppxPackage -AllUsers | Remove-AppxPackage remedies the issue before capture.
In the company I work for we commonly have laptops that are connected to a wired connection and are also connected to WiFi. This isn’t good practice and DNS gets a little weird when it gets registered IP addresses from both the WiFi adapter and a registration from the wired connection. I have been using a VB script from intelliadmin that monitors the wired connection and disables the WiFi adapter when the wired connection is plugged in which works great. You can do as intelliadmin suggests and run it as a group policy computer configuration logon script. The problem that I ran into with that method is that as group policy runs when a computer starts up if it’s not connected to the network the script wouldn’t run. Even worse I ran into issues where the user would have their computer connected to a wired connection and shut it off with the wireless…
View original post 140 more words
Happy Wednesday, (Well as happy as an Wednesday can be I guess…) I was prompted by a user that their machine was behind on updates as were many others as they tried updating from the web and got lots of updates. I did some checking and all the updates looked to be fairly recent within the last month but were listed as Critical level updates. This confused me as I have critical level updates deploying more often than once a month to not get behind on security vulnerabilities as Microsoft patches them. After some research I realized there is a difference between Critical level severity and Critical level update classifications. Microsoft defines Critical Updates as “A widely released fix for a specific problem that addresses a critical, non-security-related bug.” So just because it’s in the critical update classification it may not have an severity level of critical. In fact critical…
View original post 95 more words
A couple of weeks ago I got to thinking, I do these little robocopy transfers all the time why not write a function so I can do a transfer and I don’t have to go looking up all the parameters. So after a few minutes, the below script was born. Simply run the script in Powershell, and it will prompt for the old folder (source) and the new folder (destination). Once the copy is complete it will monitor the source directory and copy any changes until you exit the script which is great when a user is still working in the source directory such as when you need to move a home directory. It also sticks a log file in the directory you ran the script. Just keep in mind that this is setup to be a mirror copy and if you reverse the source and destination you will copy…
View original post 81 more words
I had an issue today with an old KMS server that some machines had been talking to getting shut down and then the machines months later complaining that they couldn’t find the KMS server. I then removed the KMS server’s DNS entries and prevented it from publishing them to dns which had been missed before. That isn’t the purpose of this post though so if you need more info the below two links help out a lot.
Back to the purpose of my post was when I get tickets for activations (as I have over the past few days) I wanted an easy script to run slmgr, remove the product key, input, and activate the new key. We use MAK keys in our environment so just for the few machines that were set up for…
View original post 121 more words
I had a server I had to quickly give a alternate name to so that the existing users could point to the new server but I didn’t want to rename it the same as the old one. Traditionally you would simply add the following registry entry.
DWORD name: DisableStrictNameChecking
DWORD value: 1
Problem is this only works if you have SMB1.0 enabled on both the server and client and you know how unsecure that is (think EternalBlue exploited by Wanna cry).
The proper way is to use netdom to add an alternative name by doing the below.
This will add a new SPN in active directory for the current machine name.
Special thanks to Dimitri’s Wanderings which is in the first link below as that saved me a lot of time.
As an SCCM administrator it is easy to install SCCM and simply forget about WSUS being an integral part of SCCM and forgetting its even there. That is until you start getting synchronization errors or other WSUS errors. So to fix or prevent that from happening you should really go to the wsus server cleanup wizard which can be found in the wsus console under options. What do you do though if you haven’t been running it and the wsus server cleanup wizard fails.
Well to start you can rerun the wsus server cleanup wizard with all but the first option and then rerun with only the first option but that won’t always work especially if you are really behind on wsus cleanup. So your options are to reinstall the wsus database or do a manual cleanup. In the past when I had seen issues with this occur I had…
View original post 135 more words
So I had to delete a package off a distribution point and redistribute yesterday and ran into an issue where it would not distribute. I continued to read my logs and noticed that the distmgr.log continually retried the package but never actually distributed it. It just kept saying no action specified for package. Well after a ton of research I came across a blog post detailing how resolve that.
First check your action and updatemask
This particular distribution point had an update mask and action totally different than any of the other servers.
I then deleted that record.
Once I did that I was able to finally redistribute the content.
Thanks a bunch to Daniel Eyer’s blog.
I wanted to get some details every time a machine was imaged for my own details. Mostly for asset tracking purposes I set up the below script to run at the end of my task sequence.
It is really nice to get all this info.
PC imaged is PCname with Serial R9ZRLB8 and Make and Model LENOVO 23594LU. Processor is Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz. Ram is 8.00 GB. Operating System is Microsoft Windows 10 Pro 10.0.15063
I suppose this could also be modified so that the tech imaging the machine could also get the email. Maybe basing it off of the machine’s OU. Hopefully someone finds this useful but I have found it quite handy. I have also finished a script to gather logs when the task sequence fails and send them to me but I am still testing that out and will save that for my next…
View original post 46 more words
So in follow up to my last post I have been testing a script to look for the smsts log when the task sequence fails and send me an email with the smsts.log as attachment.
I set this up in my MDT task sequence under the gather logs and statestore on failure section so that way whenever the task sequence has an error I get the logs.
I have a nice array of locations of the smsts log and a foreach loop to look through them test if they exist using Test-Path cmdlet and attach them to my email.
Seems to work well from what I have seen so far.