Windows Autopilot and No Recovery Environment

Windows Autopilot relies on Windows Recovery Environment (WinRE) for certain tasks during the provisioning process. When a computer lacks the WinRE environment, you may encounter issues during a Windows Autopilot reset of the machine.

The Windows Recovery Environment is a minimal operating system used to troubleshoot and recover Windows installations.

To address this, ensure that WinRE is properly configured and available on devices intended for Autopilot provisioning. This involves checking the WinRE configuration, making sure it’s included in the Windows image, and ensuring it’s accessible during the Autopilot process. Additionally, keeping Windows installations up to date and following best practices for device provisioning can help mitigate these challenges.


Evaluate ConfigMgr Client Policy with PowerShell

This is how I use PowerShell to force the Configuration Manager client to evaluate policy.

The following PowerShell code will force machine policy evaluation.

$trigger = "{00000000-0000-0000-0000-000000000021}"  # Machine Policy Retrieval (Request Machine Assignments)
Invoke-CimMethod -Namespace 'root\ccm' -ClassName 'sms_client' -MethodName TriggerSchedule -Arguments @{sScheduleID=$trigger}
Start-Sleep -Seconds 10  # give the client time to retrieve policy before evaluating it
$trigger = "{00000000-0000-0000-0000-000000000022}"  # Machine Policy Evaluation
Invoke-CimMethod -Namespace 'root\ccm' -ClassName 'sms_client' -MethodName TriggerSchedule -Arguments @{sScheduleID=$trigger}

The list below is a reference of ScheduleIDs and their respective policy

Microsoft Intune

How To Make Intune MDM Policy Win over GPO

How to make Intune MDM policy win over GPO. MDM policy is preferred over GPOs for the simple reason that GPOs require line of sight to a domain controller to apply, while MDM only requires an Internet connection. MDM policy with Intune is also much more reliable, and provides significantly better reporting than GPO.

The big downside used to be that GPO would always win if there was a conflict with a policy from any other source. That is no longer the case: in Windows 10 1803 (and newer builds), Microsoft implemented a custom policy in Intune that we can define to ensure that MDM policy wins over GPO whenever there are conflicts. This makes the goal of moving away from GPO to MDM much easier, as we no longer have to worry about potential conflicts from some undocumented and long-forgotten group policy.

Microsoft 365 Apps

Auto Update M365 Apps installation package in MEMCM with PowerShell

How to auto update M365 Apps installation package in MEMCM with PowerShell and a scheduled task.

I wanted a process that would automatically update the installation package files for Microsoft 365 Apps on a schedule and then update the distribution points in Microsoft Endpoint Manager Configuration Manager (MEMCM). This would ensure that whenever an OSD task sequence ran, M365 apps / Office 365 would install using the latest version for the selected channel, and no updates were required once the task sequence was complete.

ConfigMgr Client Health

ConfigMgr Client Health 0.8.0 – Introducing Webservice

I’m happy to release version 0.8.0 of ConfigMgr Client Health, and introduce a webservice to communicate with the database.

The script now supports updating the database through a RESTful API, which simplifies and secures communication with the database. Using the -Webservice parameter, the script sends the results to the webservice, which then updates the database. Computer accounts no longer require write access to the database in order to update it.

ConfigMgr Client Health

ConfigMgr Client Health 0.7.6 Released – Important bugfix

ConfigMgr Client Health version 0.7.6 is released, and this version includes an important bugfix.

The previous version (0.7.5) introduced a new test that added a dependency on the smstsmgr service. Unfortunately this change ended up breaking the upgrade task sequence, something that my tests never caught as I never tested running an upgrade task sequence before releasing a new version. My test protocol is now updated, and this is something I will start testing from now on.