Create User collections based on AD department attribute with Powershell

If you are an organization that uses the Department attribute in Active Directory and want to target users within those departments for different deployments, but you have a lot of departments and you don't know where to start, well then this post might be useful for you. The script in this post retrieves all the departments that get collected by the Users AD attribute by ConfigMgr (not turned on by default; it needs to get added. See guide below) and from those departments it creates a user collection with a query that populates the collection with all users who are [...]

By | 2017-12-14T19:41:24+00:00 December 14th, 2017|Configuration Manager (SCCM), Powershell, Scripting|6 Comments

Continuous Delivery WebApps with ARM Templates, Part 2

Previous: Continuous Delivery WebApps with ARM Templates, Part 1. Cross-posting from personal blog https://cloudmechanic.net. So it has been some busy months and therefore a bit delayed with this second post, but now I finally got a moment to finish it, so here we go! In the previous post we created and tested the continuous delivery pipeline for the Azure resources using an ARM template, and with the pipeline for deploying the Azure resources we are now ready to create the pipeline to deploy the application. First you should go and grab the latest version of the ARM template and the [...]

By | 2017-12-12T15:15:53+00:00 December 12th, 2017|Azure|0 Comments

Using Office 365 Portal Security Token for Authentication with custom website

When creating a lot of different web front-ends, it is always rather complex to get started with single sign-on or integrated login. The simple way to not maintain a credential database or passwords is to validate against a third-party website. This is where the Office 365 Portal comes in handy, especially because many companies are already validating against or with it. I created this code as part of another solution; the example here has been cut down for demonstration purposes and easy integration. You will be able to validate against Portal.microsoftonline.com as long as the login is allowed for [...]

By | 2017-12-11T08:59:07+00:00 December 11th, 2017|Office 365, Scripting & Development, Security|0 Comments

ConfigMgr PowerShell and WMI Excel spreadsheet

I just posted on GitHub an updated version of the Excel spreadsheet where you can find all the ConfigMgr PowerShell cmdlets, Primary Site WMI namespace methods, ConfigMgr Client WMI methods and COM object methods as well. You can download the Excel spreadsheet from here - https://github.com/Kaidja/ConfigMgrSDK/blob/master/ConfigMgr_cmdlets.xlsx

By | 2017-12-08T09:48:01+00:00 December 7th, 2017|Configuration Manager (SCCM), Powershell, Scripting|0 Comments

Intune: Use PowerShell management extension to enable BitLocker on a modern managed Win10 device

I wrote a blog post back in April on "how to manage BitLocker on a Azure AD Joined Windows 10 Device managed by Intune", where I also wrote a PowerShell script to automate the encryption process for the day that we would get PowerShell support in Intune. Well, Microsoft announced in September the Management extension for Intune, which basically lets you deploy PowerShell scripts via Intune to Windows 10 devices. My co-worker Peter Daalmans wrote a great blog post about it right after, where he explained the extension in more detail. I have a link for that post at [...]

PowerShell Script for updating Runbook Steps in a Task Sequence!

The MDT Toolkit is great! One very useful feature is the “Execute Runbook” Step, which can execute a runbook in Orchestrator. Unfortunately Orchestrator has a little quirk when moving to a new environment, such as moving from Test to Prod. All runbooks get a new GUID, and runbook parameters might get a new GUID. Besides this, the Server names usually need to be changed too! This can be a trivial task, which an automation guy like me hates to do! Every time the Server name is updated, all parameters have to be set up again. This also makes the task prone to errors! So [...]

Androids in the Enterprise, a blessing or nightmare? – part 1

Many people who know me know that I am not the fan boy of Android devices. It can be a nightmare when managing those devices, but is that still a valid statement or is it getting better? In this series of blogs, I want to try to get a clear view if Android devices in an Enterprise are a blessing or a nightmare. That there are Android devices connecting to most environments to get access to corporate data is a fact. When looking at Microsoft Intune we can block the ability that Android devices can be enrolled into Intune, but [...]

By | 2017-12-01T15:57:46+00:00 December 4th, 2017|Enterprise Mobility Suite (EMS), Security|0 Comments

Adjust Your Mirrors to Avoid Blind Spots

…and why the Enterprise needs IT visualization. Two months ago, we launched the latest version of our cloud based visualization service CTGlobal Insight & Analytics, and looking back at the last two years where we have been working with customers visualizing various IT KPIs, this post will answer the question I get from all customers: “How do other companies avoid big blind spots in their enterprise IT?” We all know the depressing facts about the damage caused by WannaCry, Petya and Adylkuzz ransomware and we also know that the impact of these attacks could have been avoided if only security [...]

By | 2017-12-01T16:16:23+00:00 December 1st, 2017|Uncategorized|0 Comments

How to use SCCM SDK in C# with a WQL Query that contains joins

Sometimes you just stop and wonder: how DO you make a WQL query with joins and use it with the SCCM SDK in C#? It's that gnawing thought we all have, right? So after spending an hour reading through people saying: "It's NOT supported!" and some people who said it was (without any examples whatsoever), I managed to get a small sample working. So if any of you should come across this challenge (which is of course the most of the world), then here is a code example on how to do it: It's a small console application that outputs all [...]

The Big Bang and how it changed my life as an IT Pro

Maybe a misleading headline for my blog post, as it’s really the opposite message I’m trying to deliver. The Big Bang I’m referring to in the title is the change to a Cloud world from our “good old” on-premises infrastructure. For many organizations the Big Bang still hasn’t happened, not that organizations are not embracing new Cloud opportunities, most just can’t change everything overnight. Starting 5-6 years ago, I heard and read many stories that the “Cloud era” would be the end of life as we know it for IT Pros. Personally, I claim this statement to be false. For this [...]

By | 2017-11-14T16:10:52+00:00 November 14th, 2017|Configuration Manager (SCCM), Security, Windows Client|0 Comments

Windows 10: Modern Management – Automate OSD with a USB drive and a Provisioning Package

First of all, this is not a blog post on how you create a provisioning package or how that works. However, I will link a few other posts from Microsoft to get you started if that is something you are looking for. So jump to the end of this post for a select few great posts on the topic. If you are using Autopilot, then you are using Autopilot, good for you! :) There may be situations where you want to combine provisioning packages and Autopilot. I will explain this further in an upcoming blog post about Autopilot. Now, in this [...]

By | 2017-11-15T15:30:53+00:00 November 12th, 2017|Uncategorized|0 Comments

Intune: Reporting Part 1 – create basic inventory report directly from Intune Console

I am a ConfigMgr consultant by heart where I have spent most of my IT career designing and building ConfigMgr Solutions for customers. And everyone that has worked with ConfigMgr knows that you can report on basically anything from the clients managed by ConfigMgr. If you don't see the data, the reason is probably that the Agent is not configured to harvest it. Well, for the past 3-4 years I have also been working with Intune, where the reporting capabilities have been a bit limited, especially for devices managed through MDM; however, the reporting capabilities have been greatly improved over the [...]

By | 2017-11-13T00:23:52+00:00 October 31st, 2017|Azure, Enterprise Mobility Suite (EMS)|1 Comment

ConfigMgr: Issues setting up new MP’s? Check your SPN’s!

An old topic, revisited. This is just a quick blog post to inform anyone in the same situation as myself, where a customer had some issues setting up 5 MP's at a customer. Now we all know that when setting up a new MP, or over time, we may get some errors returned to us in one of the many log files monitoring the Management Point service in ConfigMgr. This is because MPs have quite a few prerequisites that either need to be in place before it functions properly or need TLC over time. The other day I was at [...]

By | 2017-11-13T00:22:16+00:00 October 30th, 2017|Configuration Manager (SCCM)|1 Comment

Continuous Delivery WebApps with ARM Templates, Part 1

Cross-posting from personal blog https://cloudmechanic.net. The boss words these days are all about DevOps, Everything as Code, Continuous Delivery, but how do you actually do it? And why should you do it? Hopefully this post will help you get started, and by the end of the post provide you with a complete working scenario. So let's get started! First let me describe the scenario. This case will deploy a simple To-do List .NET WebApp using an Azure SQL Database and monitored with Application Insight. All code needed for this is provided during the article, so don't worry, you don't need to know anything [...]

By | 2017-10-26T19:42:46+00:00 October 26th, 2017|Azure|0 Comments

Manage your Windows 10 devices via PowerShell and Microsoft Intune

A big wish of the community and companies using Microsoft Intune was the ability to manage Windows 10 devices that are managed with Microsoft Intune via PowerShell. Since the MDM channel is not supporting deployment and the execution of PowerShell scripts, Microsoft announced today at Ignite the Microsoft Intune Management Extension. Meet the Microsoft Intune Management Extension: The Microsoft Intune Management Extension is an addition to the current Windows 10 MDM capabilities and allows us now to deploy and execute PowerShell scripts. The Microsoft Intune Management Extension is automatically deployed and installed on Azure AD joined devices. The Microsoft Intune [...]

By | 2017-09-26T02:35:29+00:00 September 26th, 2017|Automation, Enterprise Mobility Suite (EMS), Powershell|3 Comments

Enhanced Sync-VSTSGit runbook that supports Pull Requests

My colleague Andreas and I were preparing demos for our Azure Automation – Advanced runbook design session at Experts Live EU. More info on the session here. Use this runbook to support automatic synchronization from Visual Studio git repositories! (See the session recording for WHY!) It is based on the script provided by MSFT at https://github.com/azureautomation/runbooks/blob/master/Utility/ARM/Sync-VSTS.ps1 We will make sure to submit a pull request to get the enhanced code implemented in that version. This version adds support for multiple branches and pull requests, while the original runbook only supports synchronizing direct commits. To set up the solution, follow the guide described here: https://docs.microsoft.com/en-us/azure/automation/automation-scenario-source-control-integration-with-vsts Good luck!

By | 2017-08-25T14:11:40+00:00 August 24th, 2017|Powershell|0 Comments

It’s here, Android O aka Android Oreo

Google just announced the release of Android 8.0 aka Android Oreo - https://www.android.com/versions/oreo-8-0/ and https://youtu.be/twZggnNbFqo. Lots of new cool features to look forward to, and also important architecture changes. My belief is that especially the architecture change will have an impact on those administrators managing Android devices, as future OS upgrades can come faster. The vendor specific implementation will now be separated from the OS framework as illustrated below. This change, and many other security features, will all be supported from Microsoft Intune and Microsoft System Center Configuration Manager with Zero day support. Before moving into testing, a couple [...]

System Center Configuration Manager Toolkit Package Download Very Slow

Recently I built a new ConfigMgr/SCCM environment for a customer. I installed the Microsoft Deployment Toolkit and created an MDT integrated task sequence in SCCM. The deployment task sequence that I created was very slow; it took at least a couple of hours to load. I noticed that the toolkit package was taking approximately 30 minutes to download. The site server was running Symantec antivirus and I had not yet configured any antivirus exclusions. This was a simple single server environment, therefore I added the exclusions listed in this article on the site server. In a more complex environment the [...]

Create and run scripts with the new feature “Run Powershell scripts from the ConfigMgr console” on current branch 1706

In my last post I talked about how we could activate the new feature "Run Powershell script from the ConfigMgr" on current branch 1706 and in this post I would like to talk about how to get started using this wonderful feature once you have activated it. This feature really shows that the ConfigMgr product team over at Microsoft really listens to its community and that they do everything they can to improve the product. Though this feature is a bit rough around the edges, it shows great potential and I can't wait to see how it will evolve over time [...]

Configuration Manager Current Branch upgrade stuck in downloading

Managing Configuration Manager is like operating a high-speed train with new monthly updates to the Technical Preview build and 3 yearly updates to the production build. No matter how smooth and easy the upgrade process has become, an upgrade is still an upgrade and things can go wrong (read: backup/snapshot first). With the release of Technical Preview 1705 (and now also found in production build 1706), the Configuration Manager Update Reset Tool - CMUpdateReset.exe was released. The tool will assist if you experience issues with new upgrades/hotfixes stuck in download. You’ll find the tool in .\microsoft configuration manager\cd.latest\smssetup\tools. I recently [...]

By | 2017-07-30T15:18:06+00:00 July 30th, 2017|Configuration Manager (SCCM), General info|8 Comments

How to activate the new feature “Run Powershell scripts from the ConfigMgr console” on current branch 1706

Yesterday the ConfigMgr product team over at Microsoft released the latest current branch version 1706 (and the technical preview 1707 within a 24 hour period, Awesome work!) and with that came another great pre-release feature that we previously only had access to in the Technical Preview (TP 1706) and that's the ability to run PowerShell scripts directly from the ConfigMgr console. This is one great feature that really excites me :D If you want to learn more about this feature you can read the MS docs here: https://docs.microsoft.com/en-us/sccm/apps/deploy-use/create-deploy-scripts Let's get started. First make sure that we are running [...]

By | 2017-07-29T11:17:31+00:00 July 29th, 2017|Configuration Manager (SCCM), Powershell|2 Comments

Remove non authorized members of the local administrator group with ConfigMgr

MVP Jörgen Nilsson did a great post the other day over at https://4sysops.com/archives/monitoring-laps-with-configuration-manager/ where he showcased how one could monitor LAPS with the help of CI's in ConfigMgr to make sure it's installed and running properly. Continuing on the LAPS theme and ways ConfigMgr can help us improve security and maintain control, I would like to talk a little about how we can remove non authorized members of the local administrator group with the help of Configuration Items/Baselines in ConfigMgr. For those who are unfamiliar with LAPS (Local Administrator Password Solution) you can learn more here: https://technet.microsoft.com/en-us/mt227395.aspx [...]

Petya Ransomware – The Attack method and Preventing it

Today's news is all about Petya - but the way it gets onto PCs and spreads across the network is actually old news. In short, Petya does 3 things: encrypt your files, steal credentials, spread to other machines. It takes advantage of the "Shadow Broker Vulnerability" MS17-010. If you have patched your machine, you will not be hit with the SMB exploit. However, it also uses Mimikatz-like capabilities to steal credentials from the local machine and copy itself to other machines' $Admin share. A kill-switch has been described as simple as creating a file called C:\Windows\perfc (without [...]