• Microsoft Endpoint Configuration Manager (MECM), formerly System Center Configuration Manager (SCCM) is systems management software that comes with several compliance-related features, including the ability to deploy configuration baselines (CBs) and configuration items (CIs) to ensure that the endpoints in your environment remain compliant with your organization’s security policies. In this guide, I will show you how to create CIs and BIs, run compliance reports, and, if applicable, remediation scripts.

  • In this guide, I will show you how to add, remove, and read Microsoft’s System Center Virtual Machine Manager (SCVMM) custom properties with PowerShell and the Virtual Machine Manager Console.

  • Every week, it seems that another company becomes the victim of a coordinated ransomware attack. While several companies offer various products and services to detect and contain ransomware, Microsoft’s File Server Resource Manager (FSRM) can be leveraged as an additional tool to prevent the encryption of files on your network shares. In this guide, I will show you how to prevent ransomware attacks on network shares with FSRM.

  • The Windows PowerShell script I introduce here detects brute force Remote Desktop attacks and blocks them in the Windows Firewall.

  • With the release of Windows 11, Microsoft has made it easier than ever to perform an in-place upgrade from Windows 10 to Windows 11 using Windows Update. However, if your organization is using WSUS with restricted update classifications, you may need to deploy Windows 11 using Microsoft Endpoint Configuration Manager. In this guide, I will show you how to deploy Windows 11 as an in-place upgrade using Microsoft Endpoint Configuration Manager (MECM).

  • 1) I have not tried renaming the folders the assemblies are copied to. I assumed the Active Directory PS module searched for the required assemblies in a specific location, which is why I pushed the folder down with exact names.

    2) You can change the logon background — either through group policy or the Windows registry. Note the group policy option will work with Windows 10 Enterprise and Education, only. Support for Windows 10 Pro has been deprecated (I believe) as of the Windows 10 Build 1511 ADMX update.

    3) That is something to take into consideration, for sure. Synchronous scripts have never given me any problems just because I use a master logon script that maps network drives and then performs any actions that require usage of those drives.

  • In this guide, I am going to show you how to put a workstation out of service remotely using Active Directory and PowerShell.

  • Having applications update on their own without any testing our quality control goes against best practices. I’ve seen Microsoft push out automatic updates that cause serious issues with their products and services. I do not want to take the chance of that happening on a web browser popular with end-users such as Mozilla Firefox. It’s just not my cup of tea.

  • In this guide, I am going to demonstrate how to use System Center Configuration Manager (SCCM) to deploy, update, and lock down the BIOS on HP systems using the HP BIOS Configuration Utility.

  • In my experience, Windows 10 Build 1703 seems to have some issues with sysprep and the copyprofile function. This causes the start menu to become unstable and internet explorer to stop working. Hopefully Microsoft will fix this with the upcoming Creator’s Update!

  • The Orca MSI Editor, which is part of the Microsoft Windows SDK for Windows 7, allows you to edit an MSI file to change various settings and disable features.

  • Hi Anthony– could you tell me which model this would be applicable to? I might have it in my inventory and could test some queries to try and get the task sequence to correctly distribute BIOS updates.

  • Check the %USERNAME%AppData folder and make sure the folder “Local” is not present. Also, what version of Windows are you using? I am aware Windows 10 Enterprise 2015 LTSB had roaming man. profile issues and these were some of them.

  • So when a user signs in for the first time, a new profile is going to be generated for them. If you want to have that customized profile used each time the user signs in without being regenerated, you are going to want to follow this guide up to the point where you Sysprep the machine. At this point, enter the following command:

    C:WindowsSystem32SysprepSysprep.exe /oobe /generalize /shutdown /Unattend:C:WindowsSystem32SysprepCopyProfile.xml

    You are then going to want to capture this image as it will contain your customized profile. Also, make sure you apply any desktop and application configurations in the profile itself or through group policy. You will not be able to go and make changes to the profile without re-capturing the image.

  • I’m a little confused with this one. Do you want to create a customized profile that is used by all users who logon to the machine? Or do you want to create a customized profile that is used by all users, but has only been checked-out by one (generic) user account which is shared by all users?

  • Load More
© 4sysops 2006 - 2023


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account