SCCM – useful odds and sods

As many of you do (i imagine) – you run into useful things, use them once… or a few times…. or a few hundred times, but recording these in a central location is something that tech’s are just not good at.

For me, this is demonstrated by the times i google something and my own f*cking blog comes back with the answer…. i’m old, forgetful and deal with a lot of clients and technologies…. Still….

The purpose of this page is simply to provide a reminder for me and my employees about various useful bits and pieces…. and if it helps others – all the better.


 

Task sequence monitorhttps://gallery.technet.microsoft.com/ConfigMgr-Task-Sequence-fefdc532

Pre-req installerhttps://gallery.technet.microsoft.com/ConfigMgr-2012-R2-e52919cd

TFTP mod scripthttps://ccmexec.com/wp-content/uploads/2016/09/SCCMTFTP.ps1

Creating a Global condition for “Computer Model”

Name:                     Computer Model
Device type:            Windows
Condition type:        Setting
Setting Type:           WQL query
Data Type:               String
Name space:           root\cimv2
Class:                       win32_computersystem
Property:                  Model

 

Creating a Global condition for “Computer Manufacturer”

Name:                     Computer Model
Device type:            Windows
Condition type:        Setting
Setting Type:           WQL query
Data Type:               String
Name space:           root\cimv2
Class:                       win32_computersystem
Property:                 Manufacturer

 

set Bitlocker to use XTS-256 instead of XTS-128 as the BitLocker encryption type in a task sequence

cmd /c reg.exe add HKLM\SOFTWARE\Policies\Microsoft\FVE /v EncryptionMethod /t REG_DWORD /d 7 /f

 

HP Driver Packs

https://ftp.hp.com/pub/caps-softpaq/cmit/HP_Driverpack_Matrix_x64.html

 

Upping maximum MIF size to 50MB

HKLM\Software\Microsoft\SMS\Components\SMS_INVENTORY_DATA_LOADER\Max MIF Size

Change value to “32000” (Hexadecimal)

No reboot or service restart required

 

Hardware inventory for monitors

Collecting monitor serial numbers with SCCM

 

Changing your password when your in a VM, within an RDP session, within a Citrix session, within another RDP session

C:\Windows\explorer.exe shell:::{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}

 

Collection to find machines with a pending restart

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System join sms_combineddeviceresources on sms_combineddeviceresources.resourceid = sms_r_system.resourceid where sms_combineddeviceresources.clientstate != 0

 

Powershell pending reboot module

install-module pendingreboot -confirm:$false

Test-PendingReboot -Computername <computername>

 

CoreTech SCCM shutdown tool

https://blog.ctglobalservices.com/configuration-manager-sccm/kea/configuration-manager-shutdown-utility/

 

Helpful tool for moving reports between hierarchies

https://code.google.com/archive/p/reportsync/

https://eskonr.com/2014/11/sccm-configmgr-how-to-import-export-migrate-upload-reports-to-cm12-easy-way-using-reportsync-tool/

https://gallery.technet.microsoft.com/SCCM-Reports-Manager-Tool-6ee5ae9e

Command Synchronicity

https://home.configmgrftw.com/command-synchronicity/#more-6875

 

 

Functionality i’d like to see added

One of the great things about the CB releases for SCCM is that there has been a steady flow of nice little touches – along with the major changes. Things that i would like to see included are:

  • Add default classes to SCCM inventory for – Monitors, .NET framework versions (not enabled by default – but there, ready to be enabled)
  • Remove the ridiculous “third party MDM detection” which cripples the client…. or at least allow the functionality to be turned off
  • 802.1x support (native) for OSD
  • Have a GUI wizard to create common collections – such as Windows 10 versions, Client versions, Endpoint protection status, hardware make/model collections for everything currently in the database
  • Client upgrade check – allow tests to be run against existing clients to check if upgrading the client is feasible – and most importantly, if it will cause a reboot (due to .net framework other other supporting component upgrades)
  • Allow columns/headings to be set as default for all views
  • Improve visibility of peer cache usage, and importantly, help to determine why peer cache isn’t being used
  • Allow setting of bitlocker encryption mode in the task sequence
  • A method to prevent user logon while installing… this might be install at shutdown, or preventing logon during install
  • Options to help with timely reboots – i.e. be able to define what happens with a system with a pending reboot… without needing to create a collection and deploy scripts to manage it. This is more than just software updates – its a pending reboot for any reason.
  • Remote control…. a lot to be done here. Decent multi-monitor support, chat window, CMG integration etc
  • WSUS categories for different versions of Win 10 – and x86/x64…. so we can not sync all the stuff we don’t need
  • Default MIF size should be larger than 5 MB…. i would argue for 50Mb… and make it configurable via the GUI
  • Default path for package source…. save an incredible amount of typing
  • The security model currently sucks. At the very least it needs an effective permissions tester interface due to its complexity.