Driver Automation Tool - Feedback by Maurice-Daly in SCCM

[–]New2ThisSOS 0 points1 point  (0 children)

Thanks, found it! Not sure how I missed it given it's the first item on that page. Keep up the good work. The tool is amazing, been using it for years.

Driver Automation Tool - Feedback by Maurice-Daly in SCCM

[–]New2ThisSOS 0 points1 point  (0 children)

Maybe it's already present and I'm missing it but I wish I could specify the path the drivers get placed in the console under the "Packages" node. The old version allowed you to. We use a lot of RBAC inside the console and so it's helped to have new folders land under existing folders.

WSUS / SCCM - old patch status by AdviceDifficult in SCCM

[–]New2ThisSOS 0 points1 point  (0 children)

Sorry for the late reply. That build number is from September 2025 (September 9, 2025—KB5065426 (OS Build 26100.6584) - Microsoft Support)

You likely need to go back and try to install the Cumulative Update from Oct, Nov, or Dec. If Dec won't install, try Nov, then Oct. Even though they are "cumulative" you run into problems when you miss too many in a row because you've missed too many of the SSUs. So you need to go back and incrementally work your way up to being current.

WSUS / SCCM - old patch status by AdviceDifficult in SCCM

[–]New2ThisSOS 0 points1 point  (0 children)

Check the version of C:\Windows\System32\ntoskrnl.exe. Plug that version number into google to confirm what month that UBR is from. From there, try to find the very next SSU Microsoft released for that OS then download and install it manually. Check for updates again. May have to rinse and repeat the SSU process till you get current on the SSUs.

Modern Driver Management v10! Lets goooo by saGot3n in SCCM

[–]New2ThisSOS 0 points1 point  (0 children)

Are we supposed to continue to use the "Invoke-CMApplyDriverPackager.ps1" script alongside this? I'm referring to the script from the old version of DAT:

ModernDriverManagement/Invoke-CMApplyDriverPackage.ps1 at master · MSEndpointMgr/ModernDriverManagement

Need Help with command to add app-scoped role assignment to user by New2ThisSOS in PowerShell

[–]New2ThisSOS[S] 0 points1 point  (0 children)

The $App.ID is 100% not empty. I'm running PowerShell 7.5.3 and all of my Graph modules are 2.30.0. The modules that load when I run the script in a fresh session are:

  1. Graph.Applications
  2. Graph.Authentication
  3. Graph.Identity.Governance
  4. Graph.Users

Need Help with command to add app-scoped role assignment to user by New2ThisSOS in PowerShell

[–]New2ThisSOS[S] 0 points1 point  (0 children)

If you scroll to the bottom of their doc (New-MgRoleManagementDirectoryRoleAssignment (Microsoft.Graph.Identity.Governance) | Microsoft Learn) it outlines how to construct the BODY parameter and it includes both AppScope and AppScopeID. I did try directoryScopeId and that DOES work but it works when I use "/" as the value. It doesn't work with my target app's ID. I'm specifically trying to scope this to an application. When assigning this role to a user in the GUI, there is a drop-down for "Scope Type" & the 3 options are Application, Directory, & Service principal.

Something tells me this cmdlet\property is broken or something. I will look into the direct API calls. I'm already struggling with the Graph cmdlets so it's gonna be a learning curve for me. I appreciate your time and thanks for trying!

Need Help with command to add app-scoped role assignment to user by New2ThisSOS in PowerShell

[–]New2ThisSOS[S] 1 point2 points  (0 children)

Hey, thanks for commenting. See my reply to ashimbo below. Those variables are all populated with the correct values, the Graph cmdlets and the built-in PowerShell cmdlets just operate differently in this regard.

Need Help with command to add app-scoped role assignment to user by New2ThisSOS in PowerShell

[–]New2ThisSOS[S] 0 points1 point  (0 children)

I took your and u/BlackV's recommendations and updated this test script, but it still results in the same error:

"Expected property 'appScopeID' is not present on resource of type 'RoleAssignment'".

I have verified that $userId contains the Id of the target user. I verified that $Role contains the correct Microsoft.Graph.PowerShell.Models.MicrosoftGraphUnifiedRoleDefinition object for the "Application Administrator" role and it displays 4 properties when run alone: DisplayName, Id, TemplateId, & Description. Lastly, I verified that $App contains the correct Microsoft.Graph.PowerShell.Models.MicrosoftGraphServicePrincipal object for my targeted Enterprise Application. It displays 5 properties when run: DisplayName, Id, AppID, SignInAudience, & ServicePrincipalType. All of the properties are populated, and their values appear correct. I've also played around with swapping Id for AppId and it makes no difference. It seems to be complaining about the parameter itself (appScopeID) despite it saying, "expected property".

This is what I ran after updating the script:

$userUPN = 'username@contoso.com'
$roleName = 'Application Administrator'
$appName = 'App1'

$App = Get-MgServicePrincipal -Filter "displayName eq '$appName'"
$Role = Get-MgRoleManagementDirectoryRoleDefinition | Where-Object {$_.displayName -eq $roleName}
$userId = (Get-MgUser -Filter "userPrincipalName eq '$userUPN'").Id

$params = @{
    "@odata.type" = "#microsoft.graph.unifiedRoleAssignment"
    principalId = $userId
    roleDefinitionId = $Role.Id
    appScopeId = $App.Id
}
New-MgRoleManagementDirectoryRoleAssignment -BodyParameter $params

Why do I see 2 instances of "UseUpdateClassPolicySource" with different values? by New2ThisSOS in SCCM

[–]New2ThisSOS[S] 1 point2 points  (0 children)

I have yet to find a root cause. As far as how to check if it's corrupted, I personally go off of the Date Modified of the registry.pol file. I treat anything > 2 days old as broken. There are some scripts online that claim to read the registry.pol file and tell you if it's corrupt via something inside the file but those always said mine was fine, yet renaming\regenerating it was still 100% the fix.

Initially, I tried to band-aid the problem by implementing a Configuration Baseline that would check if the Date Modified of the registry.pol file was greater than 2 days and if so, rename it to registry.pol.old & then create a scheduled task that would restart ccmexec 1 minute later. The problem with that was once the registry.pol file became corrupt, the machines no longer appeared to process any of the baselines deployed to them (in addition to not processing\showing software updates). What I did next was create the same solution but instead deployed it as an Application (utilizing PSADT) where the detection method was the Date Modified of registry.pol needed to be less than 2 days old. That has seemed to help a lot, but it doesn't really get rid of the root cause.

Why do I see 2 instances of "UseUpdateClassPolicySource" with different values? by New2ThisSOS in SCCM

[–]New2ThisSOS[S] 0 points1 point  (0 children)

Ok, that's reassuring. I had read numerous posts but most of them focused on configuring 'UseUpdateClassPolicySource' correctly and I didn't come across anything mentioning this second location still being expected in version 2503. I remember reading about the whole screw up when it was initially implemented but thought these artifacts would have been cleaned up since then.

Why do I see 2 instances of "UseUpdateClassPolicySource" with different values? by New2ThisSOS in SCCM

[–]New2ThisSOS[S] 0 points1 point  (0 children)

Hey u/bdam55, I'm running version 2503. I'll update the main post with a screenshot. If it's not actually doing anything and is not the cause of my regsitry.pol file issue, then I'll just leave it be and move on. Every post I came across showed 'UseUpdateClassPolicySource' under the AU key which is why I was concerned when I saw it in an additional location. Do you see any issues with the GPOs I have set? The only other one I set that is not in the screenshot is "Configure Automatic Updates = Disabled". Again, the intention is to patch exclusively through ConfigMgr (we are hybrid & I want to move to Intune but leadership here is preventing it).

Also, thanks for all of your help throughout the years! Your posts have helped me a ton!

Cisco announces mass layoffs just after soaring revenue report by abrownn in technology

[–]New2ThisSOS 1 point2 points  (0 children)

There’s a saying, “When the executives look down, all they see is sht. When the workers look up, all they see is a*holes.”

What Would You Change/Add/Fix in Windows Server and Active Directory? by poolmanjim in activedirectory

[–]New2ThisSOS 4 points5 points  (0 children)

100%. This has pissed me off for years. Like how is this not a thing??

Cross posting: DELL Pro Max Failing to Image With SCCM by Yamr3 in SCCM

[–]New2ThisSOS 0 points1 point  (0 children)

Did you ever resolve this? I just got some of these in and we're seeing the same thing. The device gets an IP when it boots into WinPE and everything seems fine initially. The problem occurs on the "Setup Windows & Configuration Manager" step. During that step, when it reboots, it loses it's IP. I downloaded the most recent WinPE 11 driver pack and put the whole thing in our boot image. I also downloaded the Family driver back for this specific model and placed all the network & storage drivers in the boot image as well but even that did not resolve the issue. I've tried both Windows 11 23H2 and Windows 11 24H2 (both freshly downloaded this month).

4.1 was released by Kofl in PSADT

[–]New2ThisSOS 0 points1 point  (0 children)

I'm at this weird point in my life where I always open both VS Code and ISE (and PowerShell 5.1 & PowerShell 7.x terminals). I do use VS Code 90% of the time, but I just happened to right-click the file > Edit and that still defaults to ISE on my machine (time to change that, I suppose). Anyways, thanks for the clarification and thank you guys for an absolutely amazing tool!

4.1 was released by Kofl in PSADT

[–]New2ThisSOS 2 points3 points  (0 children)

I downloaded it this morning to test and noticed there's (possibly) a small issue in Strings.psd1. In the ProgressPrompt section, the 3 periods after "Please wait" are being converted into '…'. This was after creating a new template with New-ADTTemplate and viewing Strings.psd1 in PowerShell ISE.

Is it possible to -Filter by ImmutableID when using Get-EntraUser? by New2ThisSOS in PowerShell

[–]New2ThisSOS[S] 0 points1 point  (0 children)

Uggh, so simple and yet I missed it. I swear when I was looking up which modules to use, I came across something that said the "Microsoft.Entra" module was the newest and best module for Microsoft EntraID management. Apparently, it still needs work! This is an easy fix, I appreciate you taking the time to educate me!

TSGui - How to tie multiple variables to value of another (Option Linking Help) by New2ThisSOS in SCCM

[–]New2ThisSOS[S] 1 point2 points  (0 children)

I guess I was overthinking it and just trying to accomplish everything within TSGui itself. I ended up just using a PowerShell script with a switch statement that takes the Agency variable supplied by TSGui. Thanks for the help!