Demystifying Windows as a Service – Wake Up!

Great article on WaaS. It describes a changed mindset on how Windows 10 is fed and watered by all users. Yes, Windows 10 needs to be upgraded more frequently, but the total management time is reduced compared to traditional operating systems.

https://blogs.msdn.microsoft.com/daviddasneves/2017/06/18/demystifying-windows-as-a-service-wake-up-please


DHCP Policies and Custom Vendor Classes

Many organisations still have legacy BIOS devices that do not support UEFI boot, so set up DHCP to provide either the BIOS or the UEFI boot file depending on what the device uses.

This is done by using DHCP policies and custom vendor classes for the following DHCP options:

Option 60
Option 66
Option 67

Assume that you have CM configured with a PXE enabled distribution point and a valid and configured DHCP server. You should therefore be at a configured state where you are able to PXE boot BIOS based devices.

Create Custom Vendor Classes for Use with your DHCP Policy

Think of custom vendor classes as detection methods used to determine how devices are requesting a boot image from the DHCP server.

Open the DHCP Console and expand the IPv4 Node
Right-Click on ‘IPv4 Node’ and select ‘Define Vendor Classes’
Click ‘Add’
Create the UEFI 64-Bit vendor class first by entering the following information in the respective fields:
DisplayName: PXEClient (UEFI x64)
Description: PXEClient:Arch:00007
ASCII: PXEClient:Arch:00007
Click ‘OK’
Click ‘Add’
DisplayName: PXEClient (UEFI x86)
Description: PXEClient:Arch:00006
ASCII: PXEClient:Arch:00006
Click ‘OK’
Click ‘Add’
DisplayName: PXEClient (BIOS x86 & x64)
Description: PXEClient:Arch:00000
ASCII: PXEClient:Arch:00000
Click ‘OK’

Creating Custom DHCP Policies

UEFI 64-Bit DHCP Policy

Right-Click ‘Policies’ and click ‘New Policy’
Give the policy a friendly name that coincides with your vendor class naming scheme:
PolicyName: PXEClient (UEFI x64)
Description: Delivers the correct bootfile for (UEFI x64)
Click ‘Next’
On the ‘Configure Conditions for the policy’ page click ‘add’
Select the ‘Value’ drop-down box and select the PXEClient (UEFI x64) vendor class that you created in previous steps
Ensure that you check the box ‘Append wildcard(*)’
Select ‘Add’
Select ‘Ok’
Click ‘Next’
If you want the policy to affect only a specific range within your scope configure it, otherwise select no and click ‘next’
On the Configure settings for the policy page ensure that ‘DHCP Standard Options’ is selected from the drop down box
Configure the following scope options:
060: PXEClient
066: IP Address of the SCCM or WDS Service
067: smsboot\x64\wdsmgfw.efi
Click ‘Next’
On the Summary page click ‘Finish’

BIOS 32-Bit & 64-Bit DHCP Policy

Right-Click ‘Policies’ and click ‘New Policy’
Give the policy a friendly name that coincides with your vendor class naming scheme:
PolicyName: PXEClient (BIOS x86 & x64)
Description: Delivers the correct bootfile for BIOS machines
Click ‘Next’
On the ‘Configure Conditions for the policy’ page click ‘add’
Select the ‘Value’ drop-down box and select the PXEClient (BIOS x86 & x64) vendor class that you created in previous steps
Ensure that you check the box ‘Append wildcard(*)’
Select ‘Add’
Select ‘Ok’
Click ‘Next’
If you want the policy to affect only a specific range within your scope configure it, otherwise select no and click ‘next’
On the Configure settings for the policy page ensure that ‘DHCP Standard Options’ is selected from the drop down box
Configure the following scope options:
060: PXEClient
066: IP Address of the SCCM or WDS Service
067: smsboot\x64\wdsnbp.com
Click ‘Next’
On the Summary page click ‘Finish’

UEFI 32-Bit DHCP Policy

Right-Click ‘Policies’ and click ‘New Policy’
Give the policy a friendly name that coincides with your vendor class naming scheme:
PolicyName: PXEClient (UEFI x86)
Description: Delivers the correct bootfile for (UEFI x86) machines
Click ‘Next’
On the ‘Configure Conditions for the policy’ page click ‘add’
Select the ‘Value’ drop-down box and select the PXEClient (UEFI x86) vendor class that you created in previous steps
Ensure that you check the box ‘Append wildcard(*)’
Select ‘Add’
Select ‘Ok’
Click ‘Next’
If you want the policy to affect only a specific range within your scope configure it, otherwise select no and click ‘next’
On the Configure settings for the policy page ensure that ‘DHCP Standard Options’ is selected from the drop down box
Configure the following scope options:
060: PXEClient
066: IP Address of the SCCM or WDS Service
067: smsboot\x86\wdsmgfw.efi
Click ‘Next’
On the Summary page click ‘Finish’

Remove Default PXE Options

Ensure that you have removed the 067, 066 and 060 options from the default scope options so that the policies take precedence; otherwise you will end up with a conflict.

As long as you have configured everything correctly you should now have the ability to boot machines from BIOS or UEFI.
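
The console steps above can also be scripted with the DhcpServer PowerShell module. This is an added example, not code from the original post; the scope ID and PXE server address are placeholder values, and the guarded definition of option 60 assumes it may not yet exist on the server.

```powershell
# Added example: scripted equivalent of the console steps (not from the original post).
# Run on the DHCP server. $ScopeId and $PxeServer are placeholder values.
$ScopeId   = '10.0.0.0'     # assumed scope
$PxeServer = '10.0.0.10'    # assumed IP address of the SCCM or WDS service

# One entry per vendor class / policy pair, using the class data and boot files listed above
$Targets = @(
    @{ Name = 'PXEClient (UEFI x64)';       Data = 'PXEClient:Arch:00007'; BootFile = 'smsboot\x64\wdsmgfw.efi' }
    @{ Name = 'PXEClient (UEFI x86)';       Data = 'PXEClient:Arch:00006'; BootFile = 'smsboot\x86\wdsmgfw.efi' }
    @{ Name = 'PXEClient (BIOS x86 & x64)'; Data = 'PXEClient:Arch:00000'; BootFile = 'smsboot\x64\wdsnbp.com' }
)

# Option 60 is not predefined on every DHCP server; define it only if it is missing
if (-not (Get-DhcpServerv4OptionDefinition -OptionId 60 -ErrorAction SilentlyContinue)) {
    Add-DhcpServerv4OptionDefinition -Name 'PXEClient' -OptionId 60 -Type String
}

foreach ($t in $Targets) {
    Add-DhcpServerv4Class -Name $t.Name -Type Vendor -Data $t.Data -Description $t.Data
    # The trailing * corresponds to the 'Append wildcard(*)' checkbox in the console
    Add-DhcpServerv4Policy -Name $t.Name -ScopeId $ScopeId -Condition OR `
        -VendorClass 'EQ', "$($t.Name)*"
    Set-DhcpServerv4OptionValue -ScopeId $ScopeId -PolicyName $t.Name -OptionId 60 -Value 'PXEClient'
    Set-DhcpServerv4OptionValue -ScopeId $ScopeId -PolicyName $t.Name -OptionId 66 -Value $PxeServer
    Set-DhcpServerv4OptionValue -ScopeId $ScopeId -PolicyName $t.Name -OptionId 67 -Value $t.BootFile
}

# Remove the default scope-level PXE options so the policies take precedence
Remove-DhcpServerv4OptionValue -ScopeId $ScopeId -OptionId 60, 66, 67 -ErrorAction SilentlyContinue

# Review what each policy now hands out
foreach ($t in $Targets) {
    Get-DhcpServerv4OptionValue -ScopeId $ScopeId -PolicyName $t.Name |
        Select-Object @{ n = 'Policy'; e = { $t.Name } }, OptionId, Value
}
```

The final loop gives a per-policy listing of options 60, 66 and 67 that can be compared against the values in the steps before any device is PXE booted.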

Windows AutoPilot Deployment

Microsoft has announced Windows AutoPilot Deployment, a new cloud service that enables IT professionals and partners to customize the Windows 10 out-of-box setup experience. It uses cloud configuration, delivering a self-service deployment experience with new Windows 10 Pro devices. It is now available through CSP.

https://blogs.windows.com/business/2017/06/29/delivering-modern-promise-windows-10/#7Y0FQE61FUq42yKb.97

For Windows AutoPilot Deployment feature overviews and demos please see below:

Group Policy Setting – Delete user profiles older than a specified number of days on system restart

A great user policy that purges old user profiles from devices on reboot. Stagger the setting: 180 in week one, then 90 in week two and finally 30 days in the third week.

This setting can be found under Computer Configuration \ Policies \ Administrative Templates \ System \ User Profiles

Microsoft Intune was not able to retrieve all the data

Microsoft Intune is set up and you are browsing through the Admin section. You notice the message below on a number of pages:

Microsoft Intune was not able to retrieve all the data

You save and review the log file. The second line reads:

Error occurred while retrieving JWT token, check that current user has an Intune license and try again.

Resolution

You need to assign an Intune A Direct license through the Office 365 Admin Center. Ensure you have the appropriate administrative permissions in Office 365.

Profit

 

Configuration Manager 2012 Version and Build Numbers

Configuration Manager 2012 version numbers, build numbers and cumulative updates since the SCCM 2012 RTM release.

Get the version number:

  1. Open the Configuration Manager console
  2. Browse to Administration, Site Configuration then Sites
  3. Right-click on the site and select Properties
  4. The site version and build number are shown

| Release | Version | Build | Download Link |
|---|---|---|---|
| SCCM 2012 RTM | 5.00.7711.0000 | 7711 | N/A |
| SCCM 2012 RTM – CU1 | 5.00.7711.0200 | 7711 | KB2717295 |
| SCCM 2012 RTM – CU2 | 5.00.7711.0301 | 7711 | KB2780664 |
| SCCM 2012 SP1 | 5.00.7804.1000 | 7804 | N/A |
| SCCM 2012 SP1 – CU1 | 5.00.7804.1202 | 7804 | KB2817245 |
| SCCM 2012 SP1 – CU2 | 5.00.7804.1300 | 7804 | KB2854009 |
| SCCM 2012 SP1 – CU3 | 5.00.7804.1400 | 7804 | KB2882125 |
| SCCM 2012 SP1 – CU4 | 5.00.7804.1500 | 7804 | KB2922875 |
| SCCM 2012 SP1 – CU5 | 5.00.7804.1600 | 7804 | KB2978017 |
| SCCM 2012 R2 | 5.00.7958.1000 | 7958 | N/A |
| SCCM 2012 R2 – CU1 | 5.00.7958.1203 | 7958 | KB2938441 |
| SCCM 2012 R2 – CU2 | 5.00.7958.1303 | 7958 | KB2970177 |
| SCCM 2012 R2 – CU3 | 5.00.7958.1401 | 7958 | KB2994331 |
| SCCM 2012 R2 – CU4 | 5.00.7958.1501 | 7958 | KB3026739 |
| SCCM 2012 R2 – CU5 | 5.00.7958.1604 | 7958 | KB3054451 |
| SCCM 2012 R2 SP1 | 5.00.8239.1000 | 8239 | N/A |
| SCCM 2012 R2 SP1 – CU1 | 5.00.8239.1203 | 8239 | KB3074857 |
| SCCM 2012 R2 SP1 – CU2 | 5.00.8239.1301 | 8239 | KB3100144 |
| SCCM 2012 R2 SP1 – CU3 | 5.00.8239.1403 | 8239 | KB3135680 |
| SCCM 1511 | 5.00.8325.1000 | 8325 | N/A |
| SCCM 1602 | 5.00.8355.1000 | 8355 | N/A |

 

Modify Performance Options and Visual Effects via Registry

Had a situation where I needed to modify the Visual Effects, under Performance Options, for a customer.

Create a Registry Item in Group Policy Preference under the User Configuration.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects

You have a number of options for the data value:

VisualFXSetting=dword:00000000 = Let Windows choose what’s best

VisualFXSetting=dword:00000001 = Adjust for best appearance

VisualFXSetting=dword:00000002 = Adjust for best performance

VisualFXSetting=dword:00000003 = Custom

Set the Apply once option so the end user can still modify the setting as required.

PowerShell – Configure Active Directory Permissions to Join Computer to the Domain

In order for MDT to join machines into the contoso.com domain you need to create an account and configure permissions in Active Directory.

These steps will show you how to configure an Active Directory account with the permissions required to deploy a Windows 10 machine to the domain using MDT. These steps assume you have downloaded the sample Set-OUPermissions.ps1 script and copied it to C:\Setup\Scripts on DC01. The account is used for Windows Preinstallation Environment (Windows PE) to connect to MDT01.

  1. On DC01, using Active Directory Users and Computers, browse to contoso.com / Contoso / Service Accounts.
  2. Select the Service Accounts organizational unit (OU) and create the MDT_JD account using the following settings:
    1. Name: MDT_JD
    2. User logon name: MDT_JD
    3. Password: P@ssw0rd
    4. User must change password at next logon: Clear
    5. User cannot change password: Select
    6. Password never expires: Select
  3. In an elevated Windows PowerShell prompt (run as Administrator), run the following commands and press Enter after each command:
    Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force
    Set-Location C:\Setup\Scripts
    .\Set-OUPermissions.ps1 -Account MDT_JD -TargetOU "OU=Workstations,OU=Computers,OU=Contoso"
    
  4. The Set-OUPermissions.ps1 script grants the MDT_JD user account permissions to manage computer accounts in the Contoso / Computers OU. The permissions being granted are listed below:
    1. Scope: This object and all descendant objects
      1. Create Computer objects
      2. Delete Computer objects
    2. Scope: Descendant Computer objects
      1. Read All Properties
      2. Write All Properties
      3. Read Permissions
      4. Modify Permissions
      5. Change Password
      6. Reset Password
      7. Validated write to DNS host name
      8. Validated write to service principal name
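
To check that the delegation on the OU matches the list above, the following added example (not part of the sample Set-OUPermissions.ps1 script) lists the access control entries held by MDT_JD on the target OU. The NetBIOS name CONTOSO and the DC=contoso,DC=com suffix are assumptions derived from the contoso.com domain; the GUID table covers only the object class and rights named in the list.

```powershell
# Added example: review the ACEs that MDT_JD holds on the target OU.
Import-Module ActiveDirectory   # provides the AD: drive used by Get-Acl

$Account  = 'CONTOSO\MDT_JD'    # assumed NetBIOS domain name
$TargetOU = 'OU=Workstations,OU=Computers,OU=Contoso,DC=contoso,DC=com'   # assumed full DN

# Schema class and extended/validated right GUIDs for the permissions listed above
$GuidNames = @{
    '00000000-0000-0000-0000-000000000000' = 'All'
    'bf967a86-0de6-11d0-a285-00aa003049e2' = 'Computer (object class)'
    '00299570-246d-11d0-a768-00aa006e0529' = 'Reset Password'
    'ab721a53-1e2f-11d0-9819-00aa0040529b' = 'Change Password'
    '72e39547-7b18-11d1-adef-00c04fd8d5cd' = 'Validated write to DNS host name'
    'f3a64788-5306-11d2-a9c5-0000f80367c1' = 'Validated write to service principal name'
}

# Translate a GUID to a readable name, falling back to the raw GUID
function Resolve-GuidName([guid]$Guid) {
    $key = $Guid.ToString()
    if ($GuidNames.ContainsKey($key)) { $GuidNames[$key] } else { $key }
}

$acl = Get-Acl -Path "AD:\$TargetOU"

# Keep only the entries for the join account and show what each one covers
$acl.Access |
    Where-Object { $_.IdentityReference.Value -eq $Account } |
    Select-Object AccessControlType, ActiveDirectoryRights, InheritanceType,
        @{ n = 'ObjectType';          e = { Resolve-GuidName $_.ObjectType } },
        @{ n = 'InheritedObjectType'; e = { Resolve-GuidName $_.InheritedObjectType } },
        IsInherited |
    Format-Table -AutoSize -Wrap
```

Every row should correspond to one of the permissions listed above, with the computer-level rights limited to descendant Computer objects; an entry that grants rights on other object classes means the account holds more than the join delegation describes.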

Enabling Disk Cleanup Utility in Windows Server 2012 R2

Enabling Disk Cleanup Utility in Windows Server 2012

  1. Open The Roles and Features Wizard
  2. Click on Add role and Feature to launch the add role and feature wizard
  3. Choose role-based or feature-based installation to install to the local machine
  4. Click “Next” all the way to Features. Locate “User Interface and Infrastructure”. Click on “Desktop Experience”. Install the additional required features
  5. Make sure that you reboot the system
  6. Verify that the utility is indeed installed, then run Disk Cleanup

Alternatively, executing the “Install-WindowsFeature Desktop-Experience” cmdlet in PowerShell also works.