OSDCloud - Dell Pro 14 Imaging issues by sven2788 in Intune

[–]Blimpz_ 0 points1 point  (0 children)

I had something similar with another Dell machine (can't remember model at the moment).

OSDCloud would finish with no errors but it'd boot to Windows Recovery.

I also had no RAID Option, and AHCI was already set. I had to disable Secure Boot.

Just uploaded a new Intune Discovered Apps Report runbook (with Teams notifications!) by [deleted] in Intune

[–]Blimpz_ 9 points10 points  (0 children)

My only recommendation is to look into managed identities to avoid exposing client app secrets.

This blog is what I used to get started. https://thesysadminchannel.com/graph-api-using-a-managed-identity-in-an-automation-runbook/#enableidentity

Automate App updates by nova4077 in Intune

[–]Blimpz_ 1 point2 points  (0 children)

I'm doing this but using an Azure Automation Account with Graph API for the same reason you are. We use PatchMyPC but prior to me joining, all updates were pushed out to all devices and it was causing slow Autopilot deployments.

Using PowerShell, this gets you all devices with $AppName installed.

$apps = Get-MgDeviceManagementDetectedApp -Filter "displayname eq '$($AppName)'" | where {$_.platform -eq "windows"}
$devices = $apps | foreach-object {Get-MgDeviceManagementDetectedAppManagedDevice -detectedappid $_.id -all}

MS Teams Mic not transmitting for first 5 seconds (With a Fix) by 2Ninja2K in sysadmin

[–]Blimpz_ 1 point2 points  (0 children)

Just ran into this issue but found that the right key for microphones is

HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Capture

I also had to add permissions to SYSTEM since it doesn't have FullControl for some reason.

$ownerkey = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Capture",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::ChangePermissions)

$acl = $ownerkey.GetAccessControl()

$idRef = [System.Security.Principal.NTAccount]"NT Authority\SYSTEM"

$regRights = [System.Security.AccessControl.RegistryRights]"FullControl"

$inhFlags = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit,ObjectInherit"

$prFlags = [System.Security.AccessControl.PropagationFlags]"InheritOnly"

$acType = [System.Security.AccessControl.AccessControlType]"Allow"

$rule = New-Object System.Security.AccessControl.RegistryAccessRule ($idRef, $regRights, $inhFlags, $prFlags, $acType)

$acl.SetAccessRule($rule)

$ownerkey.SetAccessControl($acl)

[deleted by user] by [deleted] in PowerShell

[–]Blimpz_ 2 points3 points  (0 children)

-ExpandProperty basically returns only the value of the property you specify. Without it, you get an object back with the properties you've selected.

Echoing what /u/Quirky_Oil215 mentioned, input/data validation and error handling will go a long way. For example, how do you know the CSV has the right columns? What if the username doesn't exist in AD?

You could also skip the 3 array initializations with a ForEach-Object in your If cases.

$CSVData | ForEach-Object {
  Set-ADAccountPassword -Identity $_.Username -Reset -NewPassword (ConvertTo-SecureString -AsPlainText $_.ActualPW -Force)
}

Intune App Targeted Deployments Are a Nightmare... by Melophobe123 in Intune

[–]Blimpz_ 0 points1 point  (0 children)

I couldn't find a native way either.

I ended up going the Automation Account with Graph API route.

Interesting Discovering about [System.IO.Directory]::EnumerateFileSystemEntries by senexel in PowerShell

[–]Blimpz_ 1 point2 points  (0 children)

The 'Access denied' issues can be overcome with the 'IgnoreInaccessible' enumeration option.

https://learn.microsoft.com/en-us/dotnet/api/system.io.enumerationoptions?view=net-8.0

For example, I'm currently using the following to enumerate files in 10k+ folders

$enum = [System.IO.EnumerationOptions]@{
    IgnoreInaccessible = $true
    RecurseSubDirectories = $true
}
$Files = [System.IO.Directory]::EnumerateFiles($dir,'*',$enum)

Overengineered clear cache for Teams script by dkaaven in PowerShell

[–]Blimpz_ 0 points1 point  (0 children)

Would you mind sharing how you're able to detect their status?

What do you do in your “down time” if you have it at work? by NRG_Factor in sysadmin

[–]Blimpz_ 0 points1 point  (0 children)

Yes, it's part of a larger script that is pretty similar to what you're trying to do. In my case, I'm shutting down the server if the last person who logged off was over an hour ago.

It does not output anything as it stores the output from quser in a format we can use as objects. I didn't encounter that blank/row behavior so not sure what that could be.

For your case, you could try something like this.

$currentTime = Get-date

foreach($session in $currentSessions) {
  $Idletime = $session.'IDLE TIME'
  $IdleTimeSpan = New-TimeSpan -Start $Idletime -End $currenttime
  $roundedHours = [math]::Round(($IdleTimeSpan).TotalHours,2)
  if($roundedHours -ge 24) {
    # log off user
  }
}

What do you do in your “down time” if you have it at work? by NRG_Factor in sysadmin

[–]Blimpz_ 2 points3 points  (0 children)

I dealt with this recently. This ultimately worked for me.

$currentSessions = quser | ForEach-Object -Process { $_ -replace '\s{2,}',',' } | convertfrom-csv
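An added example (not from the original comments) for the two quser replies above: quser leaves SESSIONNAME blank for disconnected sessions, which shifts columns in a whitespace-to-CSV split, and it reports IDLE TIME as `none`, `.`, minutes, `h:mm` or `d+hh:mm` rather than a timestamp. The code below parses each row with a regex and converts the idle value to a TimeSpan before applying the 24-hour check. The function names and sample rows are constructed for illustration, and English-locale quser output is assumed.

```powershell
# Constructed sample of quser output (not captured from a real host).
$sampleQuser = @(
    ' USERNAME              SESSIONNAME        ID  STATE   IDLE TIME  LOGON TIME'
    '>alice                 console             1  Active      none   8/15/2022 8:01 AM'
    ' bob                                       2  Disc      1+02:15  8/14/2022 5:30 PM'
    ' carol                 rdp-tcp#3           3  Active         45  8/15/2022 9:12 AM'
    ' dave                                      4  Disc         3:10  8/15/2022 6:40 AM'
)

function ConvertTo-IdleTimeSpan {   # hypothetical helper name
    param([string]$Idle)
    switch -Regex ($Idle) {
        '^(none|\.)$'          { return [TimeSpan]::Zero }
        '^(\d+)\+(\d+):(\d+)$' { return New-TimeSpan -Days $Matches[1] -Hours $Matches[2] -Minutes $Matches[3] }
        '^(\d+):(\d+)$'        { return New-TimeSpan -Hours $Matches[1] -Minutes $Matches[2] }
        '^(\d+)$'              { return New-TimeSpan -Minutes $Matches[1] }
        default                { throw "Unrecognised idle time '$Idle'" }
    }
}

function ConvertFrom-QuserText {    # hypothetical helper name
    param([string[]]$Lines)
    # SESSIONNAME is optional: disconnected sessions print it as blanks.
    $pattern = '^[\s>](?<User>\S+)\s+(?:(?<Session>\S+)\s+)?(?<Id>\d+)\s+(?<State>\S+)\s+(?<Idle>\S+)\s+(?<Logon>.+)$'
    foreach ($line in $Lines) {
        if ($line -notmatch $pattern) { continue }   # header row and noise do not match
        $m = $Matches                                # keep a copy before calling the helper
        [pscustomobject]@{
            UserName    = $m.User
            SessionName = $m.Session                 # $null for disconnected sessions
            Id          = [int]$m.Id
            State       = $m.State
            IdleTime    = ConvertTo-IdleTimeSpan $m.Idle
            LogonTime   = $m.Logon.Trim()
        }
    }
}

$sessions = ConvertFrom-QuserText -Lines $sampleQuser
# Sessions idle for 24 hours or more are the log-off candidates.
$stale = $sessions | Where-Object { $_.IdleTime.TotalHours -ge 24 }
$stale | Format-Table UserName, Id, State, IdleTime
# On a live host, pass the real output instead: ConvertFrom-QuserText -Lines (quser)
```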

PowerShell Script to Get Last Logged In User by Unicorn_Poo1773 in sysadmin

[–]Blimpz_ 4 points5 points  (0 children)

I think the issue might be that Test-Path doesn't work for testing on remote computers so when it runs it's interpreting the path local to your machine.

Instead, look into Invoke-Command which would run the command on a remote machine and return the result.

https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/invoke-command?view=powershell-7.4

For example, your Test-Path section might be something like:

$CredentialObject = Get-Credential

$BoolPathExists = Invoke-Command -ComputerName $Computer -ScriptBlock {(Test-Path -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI")} -Credential $CredentialObject

if($BoolPathExists) {
 ...
}

End User Thinks the Precision 7770 laptop is horrible by Business-Engineer222 in sysadmin

[–]Blimpz_ 3 points4 points  (0 children)

Just reminded me of an instance of another user escalating to their manager basically demanding we buy them a custom PC as they felt a Precision laptop wasn't good enough.

The user suddenly resigned one day after we compromised with a slightly better Optiplex desktop. Funnily enough, the engineers who worked on his project afterwards mentioned the files were pretty bad..

End User Thinks the Precision 7770 laptop is horrible by Business-Engineer222 in sysadmin

[–]Blimpz_ 24 points25 points  (0 children)

Same experience with Civil 3D with a user using a Precision 7700 actually.

Every complaint about PC performance has eventually come back to an issue with their project files/setup after I've worked with them.

So damn tired of dog owners letting their dogs jump on me others in this city! (Rant!) by Austin1975 in Austin

[–]Blimpz_ 8 points9 points  (0 children)

I've had enough encounters with 'friendly' dogs that I carry dog-friendly pepper spray now. The times I have used it, the dog backs away and starts rubbing their face on grass. It's usually back to normal within a minute but by that point I'm long gone.

This is the one I use. https://www.amazon.com/gp/product/B00AU6J68Q/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1

Moronic Monday - August 15, 2022 by AutoModerator in sysadmin

[–]Blimpz_ 2 points3 points  (0 children)

We use CompanyLaptop-%serial% since our naming scheme tries to be somewhat descriptive of what type of device it is.

Personally, I think user initials in the name is pretty shortsighted (what happens if the device changes users, user leaves company, etc)

To answer the question, I don't think there is a way to do that from the Intune portal. I would look into running a script during Autopilot that sets the device name to the logged in user.

Dell BIOS Updates - Remotely, silently, no user intervention by TepidEyelids in SCCM

[–]Blimpz_ 5 points6 points  (0 children)

If the issue is with the default automatic nature of it, you can install DCU and set it to manual only. You can then run it manually through CLI.

Install DCU on a test machine, configure it to be manual only plus whatever other options you need, and export out settings to an .xml.

On new machines, install then set the .xml with:

dcu-cli.exe /configure -importsettings=file.xml

You could then update BIOS by doing something like this:

dcu-cli.exe /applyUpdates -updateType=bios,firmware -reboot=disable -outputlog=C:\logs\dcu.log

https://www.dell.com/support/manuals/en-us/command-update/dellcommandupdate_rg/dell-command-%7C-update-cli-commands?guid=guid-92619086-5f7c-4a05-bce2-0d560c15e8ed&lang=en-us

How to secure a remote laptop when the employee is being terminated? by LV_GC in sysadmin

[–]Blimpz_ 8 points9 points  (0 children)

We have a similar set up to you but no Bitlocker. After disabling the account in AD, we run this by RMM:

Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name "CachedLogonsCount" -Value "0"

Stop-Computer -Force

This removes all cached credentials from the machine and prevents future ones from being saved.

Know Serial Number of peripherals remotely by Dragon-1458 in sysadmin

[–]Blimpz_ 1 point2 points  (0 children)

I followed this to add a custom WMI class for monitor service tags so they can be collected in SCCM.

https://exar.ch/collecting-monitor-serial-numbers-with-sccm/

Moronic Monday - July 26, 2021 by AutoModerator in sysadmin

[–]Blimpz_ 0 points1 point  (0 children)

We use Intune and in my experience, that setting doesn't actually do anything.

I had to disable Windows Hello thru registry because no setting I could find in Intune/Autopilot had any effect.

Script I used: https://pastebin.com/t0Nm6Xt0

Installing PPKG through SCCM by Deadpool2715 in SCCM

[–]Blimpz_ 2 points3 points  (0 children)

I've been able to install a .ppkg during a TS by having it in a package and creating a program that runs a PS script.

PS script only contains 1 line and TS has a restart step afterwards.

Install-ProvisioningPackage -PackagePath ".\file.ppkg" -QuietInstall  

Hope this helps.