HappySCCM

Operating System Disrupter

  • What size is your CM Inventory History?

    SCCM functions slowing down such as collection update, run scripts? Probably some SQL/Options that needs tuning.I dont think Config Manager was designed to handle some of the newer inventory data at least at the frequency we get it. Having large tables of unneeded history will slow you down. If you are getting history like daily…

  • Smart App Control Policy affects/breaks App Control (WDAC)

    Windows enables Smart App Control Audit mode for the first 48 hours. This has been causing unpredictable results with App Control for Business. To fix it, it needs to be disabled in the unattend file in Specialize.

  •  Re-imaging SCCM 0xc000000f 0xc0000098

     Re-imaging SCCM 0xc000000f 0xc0000098

    If you are getting these errors after applying the OS, it’s likely you have the SkuSiPolicy.p7b deployed to EFI – See Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates – Microsoft Support / Secure boot revocations previous advice. Once you deploy that, Secure boot requires the file or newer to be on…

  • Get ConfigMgr Management points and Distribution points working with CIS

    Get ConfigMgr Management points and Distribution points working with CIS

    CIS sets the Network access: Remotely accessible registry paths group policy. Adjust to include SOFTWARE\Microsoft\SMS ie;System\CurrentControlSet\Control\ProductOptions, System\CurrentControlSet\Control\Server Applications, Software\Microsoft\Windows NT\CurrentVersion, SOFTWARE\Microsoft\SMS

  • How to manage WDAC

    This post isn’t about creating your initial policies and assumes you know how to create the first base policy, and supplemental policies. This will also setup SCCM to be a managed installer. Just a quick post to hopefully save someone some time. Ask me anything, I may have skipped over something. Setup Download Scripts Create…

  • SCCM WDAC Managed Installer

    If you use SCCM to deploy WDAC via the wizard, you will get constrained language mode in powershell. It’s best to deploy it via a script, also enable the managed installer reg for sccm or managed installer just doesn’t work

  • Task Sequence stops responding during msi install

    Task Sequence stops responding during msi install

    Recently trying to deploy Nitro PDF Pro during OSD the task sequence would just hang. This is due to the msi package wanting to copy over msvcp140.dll killing any processes using it (CcmExec, WmiPrvSE, policyHost). If you encounter any package like this you can add the switch MSIRESTARTMANAGERCONTROL=Disable which will bypass the check.

  • CM Console fails to connect to site server due to WDAC

    If you have WDAC deployed and included the recommended block rules the console will install but not correctly due to rule ID_DENY_INSTALLUTIL_1_0

  • Inject dot net 3.5 into Windows 11 wim before adding image to SCCM

    Previously Windows has been ok with using a dot net package from a different month, so you could add it during the task sequence without much trouble. Now you need the right version. Best way to do this is have a process to inject the wim then copy it to the network folder. Script lets…

  • Update Citrix VDA with SCCM Task Sequence

    Update Citrix VDA with SCCM Task Sequence

    Citrix is not great Install VDA Step 1 (Important bits bold): VDAWorkstationSetup_2206.exe /controllers “controller1 controller2 controller3 controller4” /remotepc /quiet /noreboot /noresume /enable_remote_assistance /logpath “C:\Windows\Temp” /enable_hdx_ports /enable_hdx_udp_ports /components vda /includeadditional “Citrix VDA Upgrade Agent” Options: Success Codes 0 8 3 Restart Computer:The currently installed default operating system Options:Conditions _SMSTSLastActionRetCode Not equals 0_SMSTSLastActionRetCode Not equals 8 Install…

Got any book recommendations?

Get In Touch