As many of you do (i imagine) – you run into useful things, use them once… or a few times…. or a few hundred times, but recording these in a central location is something that tech’s are just not good at.
For me, this is demonstrated by the times i google something and my own f*cking blog comes back with the answer…. i’m old, forgetful and deal with a lot of clients and technologies…. Still….
The purpose of this page is simply to provide a reminder for me and my employees about various useful bits and pieces…. and if it helps others – all the better.
Task sequence monitor – https://gallery.technet.microsoft.com/ConfigMgr-Task-Sequence-fefdc532
Pre-req installer – https://gallery.technet.microsoft.com/ConfigMgr-2012-R2-e52919cd
TFTP mod script – https://ccmexec.com/wp-content/uploads/2016/09/SCCMTFTP.ps1
Creating a Global condition for “Computer Model”
Name: Computer Model
Device type: Windows
Condition type: Setting
Setting Type: WQL query
Data Type: String
Name space: root\cimv2
Class: win32_computersystem
Property: Model
Creating a Global condition for “Computer Manufacturer”
Name: Computer Model
Device type: Windows
Condition type: Setting
Setting Type: WQL query
Data Type: String
Name space: root\cimv2
Class: win32_computersystem
Property: Manufacturer
set Bitlocker to use XTS-256 instead of XTS-128 as the BitLocker encryption type in a task sequence
cmd /c reg.exe add HKLM\SOFTWARE\Policies\Microsoft\FVE /v EncryptionMethod /t REG_DWORD /d 7 /f
HP Driver Packs
https://ftp.hp.com/pub/caps-softpaq/cmit/HP_Driverpack_Matrix_x64.html
Upping maximum MIF size to 50MB
HKLM\Software\Microsoft\SMS\Components\SMS_INVENTORY_DATA_LOADER\Max MIF Size
Change value to “32000” (Hexadecimal)
No reboot or service restart required
Hardware inventory for monitors
Changing your password when your in a VM, within an RDP session, within a Citrix session, within another RDP session
C:\Windows\explorer.exe shell:::{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}
Collection to find machines with a pending restart
select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System join sms_combineddeviceresources on sms_combineddeviceresources.resourceid = sms_r_system.resourceid where sms_combineddeviceresources.clientstate != 0
Powershell pending reboot module
install-module pendingreboot -confirm:$false
Test-PendingReboot -Computername <computername>
CoreTech SCCM shutdown tool
https://blog.ctglobalservices.com/configuration-manager-sccm/kea/configuration-manager-shutdown-utility/
Helpful tool for moving reports between hierarchies
https://code.google.com/archive/p/reportsync/
https://eskonr.com/2014/11/sccm-configmgr-how-to-import-export-migrate-upload-reports-to-cm12-easy-way-using-reportsync-tool/
https://gallery.technet.microsoft.com/SCCM-Reports-Manager-Tool-6ee5ae9e
Command Synchronicity
https://home.configmgrftw.com/command-synchronicity/#more-6875
Functionality i’d like to see added
One of the great things about the CB releases for SCCM is that there has been a steady flow of nice little touches – along with the major changes. Things that i would like to see included are:
- Add default classes to SCCM inventory for – Monitors, .NET framework versions (not enabled by default – but there, ready to be enabled)
- Remove the ridiculous “third party MDM detection” which cripples the client…. or at least allow the functionality to be turned off
- 802.1x support (native) for OSD
- Have a GUI wizard to create common collections – such as Windows 10 versions, Client versions, Endpoint protection status, hardware make/model collections for everything currently in the database
- Client upgrade check – allow tests to be run against existing clients to check if upgrading the client is feasible – and most importantly, if it will cause a reboot (due to .net framework other other supporting component upgrades)
- Allow columns/headings to be set as default for all views
- Improve visibility of peer cache usage, and importantly, help to determine why peer cache isn’t being used
- Allow setting of bitlocker encryption mode in the task sequence
- A method to prevent user logon while installing… this might be install at shutdown, or preventing logon during install
- Options to help with timely reboots – i.e. be able to define what happens with a system with a pending reboot… without needing to create a collection and deploy scripts to manage it. This is more than just software updates – its a pending reboot for any reason.
- Remote control…. a lot to be done here. Decent multi-monitor support, chat window, CMG integration etc
- WSUS categories for different versions of Win 10 – and x86/x64…. so we can not sync all the stuff we don’t need
- Default MIF size should be larger than 5 MB…. i would argue for 50Mb… and make it configurable via the GUI
- Default path for package source…. save an incredible amount of typing
- The security model currently sucks. At the very least it needs an effective permissions tester interface due to its complexity.