Remove non authorized members of the local administrator group with ConfigMgr

    MVP Jörgen Nilsson did a great post the other day over at https://4sysops.com/archives/monitoring-laps-with-configuration-manager/ where he showcased how one could monitor LAPS with the help of CI’s in ConfigMgr to make sure it’s installed and running properly. Continuing on the LAPS theme and ways ConfigMgr can help us improve security and maintain control I would like […]

Category: Compliance Baselines, Compliance Items, Configuration Manager, Powershell, Scripting, Security, System Center Configuration Manager  |  5 Comments

Petya Ransomware – The Attack method and Preventing it

Todays News is all about Petya – but the way it gets onto PCs and spreads across the network is actually old news. In short, Petya does 3 things: Encrypt your files, Steal credentials, spread to other machines. It takes advantage of the “Shadow Broker Vulnerability” MS17-010. If you have patched your machine, you will […]

Category: Endpoint Protection, Malware Protection, Security, Software Updates, UEFI, Windows Defender  |  Comment

Troubleshooting: An error occurred when creating the WSUS Signing Certificate (Secunia)

Lately I have been doing some Secunia integrations with System Center 2012 R2: Configuration Manager (SCCM/ConfigMgr 2012). When you are setting up the connector between Secunia CSI and WSUS one of the first things the wizard is asking you to do is to Configure a WSUS Self-Signed Certificate, the WSUS signing certificate is required to […]

Category: Config Mgr. R2 integration, Config Mgr. SP2, Config Mgr. Tools, Configuration Manager, Configuration Manager 2012, Configuration Manager 2012 R2, Configuration Manager 2012 SP1, Custom Updates, Home, Security, Software Updates  |  1 Comment

Automate Signature And Status Reports With PowerShell – Windows Defender (.txt file)

What you will be able to after reading this blog: Get the latest information about "your" Signature- & Anti Virus reports in Windows Defender and make it into a text file. How to automate it, so it will run every day and give you a status report with time and date. Being able to look […]

Category: Home, Operating Systems, Powershell, Scripting, Security, Software Updates, Tips and tricks  |  1 Comment

Working with managed applications within Configuration Manager 2012 R2 SP1

First, let’s define a managed application. In essence it’s a special policy that enable you to control settings in the application or browser like data encryption, can the user save the document as a new file etc. To successfully deploy a managed application you need to mix the application deployment with an application management policy. […]

Category: Configuration Manager, Mobile Device Management, Security, Software distribution, Tips and tricks  |  2 Comments

Deploying Windows 8 with MBAM Used-Space-Only Encryption

Windows 8 comes with the option to pre-provision the disk for use with BitLocker, allowing only the used-space to be encrypted, thus reducing the encryption time a lot. Problem occur when enterprises want to use the Microsoft Bitlocker Administration and Monitoring (MBAM) toolkit from the Microsoft Desktop Optimization Pack (MDOP) to store BitLocker recovery keys, […]

Category: Bitlocker, MBAM, OS Deployment, Security, Windows 8  |  14 Comments

Configuration Items and Baselines, Using Scripts (Powershell Example)

In the previous blog post i used file and registry settings for my Configuration Item. Another way to define your Configuration Item setting are scripts. And in CM2012 we have 3 scripting options: JScript PowerShell VBScript (The same goes for the use of scripts in Detection Methods when we create Application Deployment Types.)   Since […]

Category: Application Virtualization, Configuration Manager, Configuration Manager 2012 SP1, Security, Tips and tricks  |  1 Comment

Configuration Items and Baselines, Example: SCEP Client Compliance

This example will show you a way to get compliance data from your clients regarding the System Center Endpoint Protection 2012 Client. Now, I’m aware that we through CM2012 reports and console views already have good tools to monitor the client states in regard to SCEP – but lets say you have another antimalware product […]

Category: Configuration Manager, Configuration Manager 2012 SP1, Endpoint Protection, Security, Tips and tricks  |  Comment

KB2828233 Update for System Center 2012 Endpoint Protection

Ok so this SCEP Update has been released some time ago, but i have seen and heard some confusion on how to get this Update installed properly into the ConfigMgr environments. http://support.microsoft.com/kb/2828233 The KB2828233 update itself is a server update and you need to install it on your Primary Site servers as you do with […]

Category: Client Installation, Configuration Manager 2012 SP1, Endpoint Protection, Security, Software Updates  |  4 Comments

Automatic Client Upgrade greyed out

In ConfigMgr 2012 SP1 you might run into the Automatic Client Upgrade feature being greyed even if you are a full administrator. In this example I have a group called ConfigMgr Administrators that has been assigned Full Administrator rights but are still not able to enable the Automatic Client Upgrade settings. To fix the issue […]

Category: Configuration Manager 2012, Configuration Manager 2012 SP1, Security, Troubleshooting  |  10 Comments