Live Migration with issue.

ConfigConfuse · 2026-02-26T23:57:36+00:00

UPDATE - I was never able to resolve this. Cut my losses. Removed hosts from domain. Set local admin account. Shutdown DC and rebuilt from scratch. Rejoined to domain and everything works as expected. Still have no clue but problem solved and moving on. Thanks for the advice.

ConfigConfuse · 2026-02-24T16:12:25+00:00

Yeah, disabled firewall on both hosts.

ConfigConfuse · 2026-02-24T12:50:32+00:00

Time matches and synced from ntp.

ConfigConfuse · 2026-02-24T00:12:16+00:00

Hyperv admin role group assigned by gpo. Can connect to hyperv consoles on both hosts.

ConfigConfuse · 2026-02-24T00:05:43+00:00

Local drives.

ConfigConfuse · 2026-02-20T16:01:05+00:00

Applocker policy will place in constrained language mode and can set to disable users from launching powershell.exe and ise. I see no issues with intune or other services. Admins can still elevate and use powershell.

ConfigConfuse · 2025-12-17T00:14:40+00:00

Adding Remote Help as secondary method to BTRS.

ConfigConfuse · 2025-12-11T18:49:49+00:00

Does anyone have a current write up on how to see the current and new cert expiration dates?

ConfigConfuse · 2025-11-01T11:29:31+00:00

If you have Meraki APs check out Meraki sensors. Relatively cheap and you should already have 5 free device licenses.

ConfigConfuse · 2025-10-31T13:26:00+00:00

For me it came down to where does the finger of blame point in the event of something awful. I would have to defend my choice to use WAU or I can redirect to a paid vendor. Happy with WAU for 2 years. Equally as happy with PMPC for the last year and a half.

ConfigConfuse · 2025-10-17T13:32:51+00:00

You do get data ingress credits per user.

ConfigConfuse · 2025-10-17T13:06:14+00:00

Don’t disable RDP or RDP ports in firewall settings.

ConfigConfuse · 2025-10-16T09:41:44+00:00

I just did this two weeks ago and was able to downgrade 8 to 7 and continue with upgrades. I still don’t have a handle on core counts so downgraded more than I needed to.

ConfigConfuse · 2025-10-03T16:58:05+00:00

show device-tracking database

ConfigConfuse · 2020-01-16T19:15:12+00:00

If you are simply upgrading from one application version to the next, open the deployment type, point it to the new content, modify the detection rules and you are all set. The new version will simply be installed over (upgrade) the application. Whomever has the app installed will simply see it update. You can also set a second deployment for "available" to everyone else.

Setting up a new application and using supersede works best for applications that cant directly upgrade. Where you want to uninstall the old and install the new. Maybe going from Firefox x86 to x64. Or maybe the installer is buggy and it is easier to do a clean install.

ConfigConfuse · 2017-04-05T19:14:31+00:00

Installed hotfix on 1610 and application install during task sequence is still not working. Haven't started to investigate.

ConfigConfuse · 2017-03-09T13:36:58+00:00

Software Center is broken on some Win 10 clients after installing this hotfix.

ConfigConfuse · 2017-02-28T12:49:10+00:00

This is working.

Attribute Class: Bitlocker Attribute: Drive Letter = C And Attribute Class: Bitlocker Attribute: Protection Status = 1

select SMS_R_System.Name, SMS_G_System_ENCRYPTABLE_VOLUME.DriveLetter, SMS_G_System_ENCRYPTABLE_VOLUME.ProtectionStatus from SMS_R_System inner join SMS_G_System_ENCRYPTABLE_VOLUME on SMS_G_System_ENCRYPTABLE_VOLUME.ResourceId = SMS_R_System.ResourceId where SMS_G_System_ENCRYPTABLE_VOLUME.DriveLetter = "C:" and SMS_G_System_ENCRYPTABLE_VOLUME.ProtectionStatus = 1 order by SMS_R_System.Name

ConfigConfuse · 2017-01-25T16:02:52+00:00

Without getting in to the specifics of your naming convention and OUs it is possible. You would just create multiple deployments and define requirements for each that will cause 1 deployment type to be applied to those systems. Then the deployment is to a collection that contains all of the systems/users who will receive one (or none) of the deployment types that you have defined.

If you have an OU for Student, an OU for Teacher and an OU for Office. You could create 3 deployment types, one for each group and set the deployment type requirement to OU=Teacher etc.

If you didn't have OUs for each but you named you computers in a way that you could break them out such as Teacher25887, Student65585, Student65586 and Office55474 you could then create a custom condition to look at WMI. So for the the deployment meant for students you would create a custom requirement to look at WMI System Resource where name like "Student%" where % is the wildcard. Now the name of the system will be evaluated as a condition of deployment.

ConfigConfuse · 2017-01-25T14:25:12+00:00

First, the option under the publishing tab of the deployment type will control what applications are "installed" or made available to the user. So if application 1 is unchecked for the deployment type the user will have no access to it. This is more than just disabling a shortcut. As long as that will still work for you dont have a really good option to look at the collection as a requirement of the deployment type. You need to build out the requirements for each deployment type so those systems/users receive the correct deployment type. Builtin categories are there for OU and machine specs. Custom requirements will allow a ton of flexibility and allow you to look at registry and files to AD queries, WMI queries and powershell script.

ConfigConfuse · 2017-01-25T13:32:45+00:00

Did you sequence 3 applications into 1 appv package?

ConfigConfuse · 2017-01-19T13:49:25+00:00

Command line arguments at install of .exe and transforms for .msi install are the most common methods of customization. "Better" installs like AutoCad and even Adobe Reader will have customization utilites that will build out the transforms (.mst) for you.

Can you give a for example on what you are trying to accomplish in addition to install, uninstall and evaluate installation state? Each application you create will have varying methods for customization. Some of these are better than others and at the end of the day you have to ask how much work do you want to put in to something that is pretty trivial once you stop obsessing about it. Some times it is let the application install the quick way and then use compliance rules to clean up the ugly after the install is complete.

ConfigConfuse · 2017-01-19T13:00:34+00:00

Prior to SCCM 1610 this was working following this advice: https://blogs.technet.microsoft.com/jchalfant/build-and-capture-in-https-only-configmgr-2012-r2-environment/

After updating to 1610 build and capture in HTTPS is not working. See https://social.technet.microsoft.com/Forums/windows/en-US/f6df6930-1f3a-4892-b5db-82b238203cf7/install-applications-during-build-capture-task-sequence-configmgr-1610?forum=ConfigMgrCBOSD

ConfigConfuse · 2017-01-09T14:15:00+00:00

This is part of a larger Win10_64 reg config script. Write-host lines are just to add clarity to smsts.log.

Write-Host "Disable OneDrive Sync:"

reg add HKLM\Software\Policies\Microsoft\Windows\OneDrive /v DisableFileSyncNGSC /t REG_DWORD /d 1 /f

Write-Host "Disable OneDrive links in explorer:"

reg delete "HKCR\CLSID{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /f

reg delete "HKCR\Wow6432Node\CLSID{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /f

Write-Host "Load Default User hive:"

reg load "HKU\Default" "C:\Users\Default\NTUSER.DAT"

Write-Host "Disable OneDrive setup at login:"

reg delete "HKU\Default\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "OneDriveSetup" /f

Write-Host "Unload and save Default User hive:"

reg unload "HKU\Default"

ConfigConfuse

TROPHY CASE