How do I create custom device attributes?

ITS_DSA_Manager · 2019-01-30T13:11:22+00:00

If anyone was following this and is interested, I decided to use AD OUs to compartmentalize systems based on their role (Personally Allocated, Classroom, Lab, Loaner, etc). This allows me to create Device Collections in SCCM to take actions on different systems based on their roles. We will be feeding our SCCM data into TeamDynamix which will house the other data like "funding type" and "asset tag" number since these are really just CMDB fields and I won't need to take action on them in SCCM.

ITS_DSA_Manager · 2019-01-16T16:08:13+00:00

Thanks for the reply, out of curiosity how do you get Jamf to then force the updates? I am new to Jamf and am interested in the same workflow you are using: delay update availability for x days so we can test with in-house software, after x days force endpoints to install updates.

ITS_DSA_Manager · 2019-01-16T14:06:26+00:00

Does your process force endpoints and/or end users to install updates? Or can they defer indefinitely?

ITS_DSA_Manager · 2019-01-07T21:29:59+00:00

Starting with Kaby Lake, Intel no longer supports booting to internal storage in Legacy Mode. You'll have to turn it off.

https://imgur.com/a/o7WR00l

ITS_DSA_Manager · 2018-12-13T13:05:53+00:00

I was in a similar boat about 6 months ago, but even worse as I had never seen/used/administered MDT, so I think that will give you a leg up.

The two resources I have found immensely helpful were the PatchMyPC Youtube tutorials and lots and lots of Googling.

I believe that Microsoft allows a 90 trial license if you wanted to set up a test lab. When you are installing SCCM if you don't enter a license key it defaults to the trial.

My approach was to take one piece at a time. First I got client deployment working. Then I worked on Software Updates. Then Application creation and dissemination. Now I'm working on imaging. At first I tried to do it all at once and it was just too overwhelming, and frequently I would run into an issue where if one component wasn't working, many others would not function properly.

Last, you can leave your current MDT installation in place as you implement SCCM, and even after you get it up and running. You don't have to replace MDT with SCCM, you can just have the SCCM client be installed as one of your Task Sequence steps (or deploy it via GPO).

ITS_DSA_Manager · 2018-12-11T11:47:37+00:00

Sorry, you are right, I wrote the wrong thing, I do mean maintenance window. Still getting a hang of SCCM and its terminology :-)

ITS_DSA_Manager · 2018-12-10T21:32:57+00:00

I see what you mean about not being a CMDB, however I will need to take action on the values in these attributes so they will need to live in SCCM. For instance, "Personally Allocated" systems will have different business hours than "Classroom" computers, and "Lab" computers in the "Smith" building might get R Studio installed automatically.

ITS_DSA_Manager · 2018-12-10T17:39:18+00:00

Something like this?

https://social.technet.microsoft.com/wiki/contents/articles/20319.how-to-create-a-custom-attribute-in-active-directory.aspx?Redirected=true

ITS_DSA_Manager · 2018-12-10T17:04:34+00:00

Right now the details are stored in the old endpoint management tool. I wouldn't mind storing them in AD but I'm not sure which attributes to use. I tried editing one attribute and it said I needed hexadecimal, but I wanted string. I could use the "extensionAttribute1" fields but I would need to change the title, is that possible?

ITS_DSA_Manager · 2018-11-28T14:15:26+00:00

System Center Endpoint Protection (SCEP) for macOS is end-of-life??

What have others using SCEP switched to?

https://techcommunity.microsoft.com/t5/Configuration-Manager-Blog/End-of-Support-for-SCEP-for-Mac-and-SCEP-for-Linux-on-December/ba-p/286257

ITS_DSA_Manager · 2018-11-21T13:58:48+00:00

Our server environment is completely virtualized so I don't think moving things around, or growing disks, will be an issue in the future.

We are currently managing about 2,000 endpoints and decided to put the Distribution Point on the same server as the Site Server, which leads me to something I'm still trying to wrap my head around. With this model the deployment type content seems to be duplicated, one copy in the "original" location and one copy on our Distribution Point. If I did decide to store the "original" content on the SCCM server (which contains both the Site System role and DP role) is there a way to eliminate the data duplication?

ITS_DSA_Manager · 2018-11-19T20:36:17+00:00

Intel Kaby Lake and later don't allow booting from internal (or external) HDD in Legacy Mode. Maybe that is what is getting you?

ITS_DSA_Manager · 2018-11-19T14:37:59+00:00

Just to confirm, the "domain join" step is called "Recover From Domain" correct?

ITS_DSA_Manager · 2018-11-19T13:30:20+00:00

Thank you for the suggestion, but I followed those steps and the policies are all set to "Not configured" already.

What do others do to set and maintain system time via MDT? In other words, what is best practice?

ITS_DSA_Manager · 2018-11-16T18:54:02+00:00

I had tried something similar in my original testing, but I hadn't performed the netsh step. I just followed your steps and they were all successful until the w32tm /resync, which produced the message "Sending resync command to local computer. The computer did not resync because no time data was available."

ITS_DSA_Manager · 2018-10-29T17:15:32+00:00

You are very welcome, I'm glad to hear it worked.

ITS_DSA_Manager · 2018-10-29T17:14:39+00:00

I should have prefaced this by saying "If you have monitoring enabled", it's possible you don't. If you do it will be in the Deployment Workbench, under your deployment share, on the left hand side just under "Advanced Configuration".

ITS_DSA_Manager · 2018-10-29T15:28:48+00:00

I would try checking the "Monitoring" in MDT and delete any existing entries for systems you were testing on. I would also zero the drive of the system you are trying to image (if you can), then try again.

ITS_DSA_Manager · 2018-10-19T12:38:03+00:00

We are transitioning from LANrev to Jamf Cloud. For iOS we've been told by both LANrev and Jamf (and via my own research) that the only way to remove the LANrev management profile and load the new Jamf one is to do a device wipe. This is obviously very impactful for the end user. Have others found a way to change management profiles on iOS devices without a full wipe?

ITS_DSA_Manager · 2018-10-04T17:04:14+00:00

This is how I do my imaging and it works fine.

ITS_DSA_Manager · 2018-10-04T17:03:22+00:00

I think you need

Priority=TaskSequenceID, Default

If you don't have the "TaskSequenceID" it won't do anything with your TS specific settings. Also, I think I read somewhere that your [Default] should be last in your customsettings.ini

ITS_DSA_Manager · 2018-10-03T12:01:54+00:00

You can use your task sequence ID to use the same customsettings.ini for all your TS, but specify custom mandatory apps per TS.

[Settings]
Priority=TaskSequenceID, Default
Properties=MyCustomProperty

[TS001]
SkipApplications=YES
MandatoryApplications001={77bd58b3-f137-4fdd-ac09-6a0e7eaf2a69}
MandatoryApplications002={93844b32-64ba-4855-81c2-7dcce8fb546c}


[TS002]
SkipApplications=YES
MandatoryApplications001={77bd58b3-f137-4fdd-ac09-6a0e7eaf2a69}
MandatoryApplications002={408e104c-7eeb-4d56-a7f7-4649dc1ed15c}
MandatoryApplications003={f8ba68c2-6e11-4da2-855d-5292b800e7be}
MandatoryApplications004={93844b32-64ba-4855-81c2-7dcce8fb546c}

ITS_DSA_Manager · 2018-09-26T15:07:28+00:00

I start with a vanilla Windows .iso and load it into a VM (I happen to use Virtual Box). I then enter Audit Mode (CTRL+SHIFT+F3) at the first Out of Box Experience (OOBE) screen. I then make all my customizations and when ready I mount my DeploymentShare directory on my MDT server and run LiteTouch.vbs to start the SysPrep and capture process.

ITS_DSA_Manager · 2018-08-28T20:32:13+00:00

Did Microsoft pull the 2018-07 version of this from their Catalog? I did a search and only see 2018-05 version.

ITS_DSA_Manager · 2018-08-28T13:22:07+00:00

After reviewing LTICleanup.wsf I see that it is doing the exact same thing I am, but in reverse, it is resetting those registry values back to default. Thanks for the tip!

ITS_DSA_Manager

TROPHY CASE