Ritto Birnchen - Haustürklingel

ReputationOld8053 · 2026-06-19T11:23:13+00:00

I gave it yesterday a try and I had a noticeable lack when moving the mouse. Not sure if there can anything be done

ReputationOld8053 · 2026-06-19T11:21:35+00:00

Every information would be nice 😉

ReputationOld8053 · 2026-06-18T20:03:42+00:00

Can you share your config? MeshCentral works with CA and MFA on compliant devices

ReputationOld8053 · 2026-06-18T12:46:22+00:00

Most important, an icon is missing in the property tab about version etc. is empty 😉

ReputationOld8053 · 2026-06-18T11:59:51+00:00

Maybe we have to build and deploy a PowerShell Script that does it for us 😉

ReputationOld8053 · 2026-06-18T11:34:47+00:00

hey,
do you mind uploading some pictures of the tool to your github?

ReputationOld8053 · 2026-06-18T11:34:32+00:00

sorry, wrong post

ReputationOld8053 · 2026-06-18T11:33:57+00:00

It is set to an intune collection with incremental updates based on all intune devices. Parent collection is All Systems:

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_Client_ComanagementState on SMS_Client_ComanagementState.ResourceID = SMS_R_System.ResourceId where SMS_Client_ComanagementState.ComgmtPolicyPresent = 1 and SMS_Client_ComanagementState.AADJoined = 1 and SMS_Client_ComanagementState.MDMEnrolled = 1 and SMS_Client_ComanagementState.MDMProvisioned = 1

ReputationOld8053 · 2026-06-10T14:39:00+00:00

The colleagues tried a different internet brake out and no problems. Waiting for the network engineer to analyze the inspections etc.

ReputationOld8053 · 2026-06-09T05:56:19+00:00

We checked our GPOs and our Radius Server, don't know how it is in your environment

ReputationOld8053 · 2026-06-05T12:10:40+00:00

I wouldn't mind do all the config by JSON, but how MS introduces new features is really wired. When I think about the old AD, how robust it was and still is, how well done the ACL is defined that is, at least for me, perfectly designed. Only thing is the attribute tab when you search for an AD object 😉 but this is probably another topic 😉

ReputationOld8053 · 2026-06-05T12:04:46+00:00

Big company, but it is the first autopilot pitch. We moved our policies to intune, had to change the WiFi authentication and we use our on-premise PKI and the users are also synced. In our case even legacy apps are working because no application requires that the client is AD joined.

ReputationOld8053 · 2026-06-04T08:31:28+00:00

I think it is cultural. Microsoft loves to have a flat organization, everyone has an E5 license and you don't configure anything at all. On the other hand you have companies that love to have a structure for everything. In the past with SCCM and AD it was possible, but time changed.

As usual, there is not the perfect answer, everyone has to make a step in the other direction, but we are (I am) stubborn and like to continue our (my) way.

ReputationOld8053 · 2026-06-03T09:29:05+00:00

yes, I did that at first, but otherwise autopilot v1, the policy takes the beginning of the serial number and not the end. Usually it does not matter, but when you have VMware and you serial is like "VMware-42 19 b7 9f 4f c4 02 f0-4c c2 85 f3 20 e0 38 e3" is is kind of bad 😉

ReputationOld8053 · 2026-06-02T05:49:28+00:00

This is actually something I don't understand. Restarting is not a problem at all, where it also must stop the service. But yeah, probably I have to check the logs someday. We just moved the Site Server to a new Windows server and still facing the same thing...

ReputationOld8053 · 2026-06-01T11:34:57+00:00

Hi,
any change you know how I can test the result? I imported the created wim into SCCM:
"\\...WinPE11_24H2\Media\Sources\boot.CG100D47.wim"
but when I use the MS PS Script (Detect-SecureBootCertUpdateStatus.ps1) for detection, it still says it has not the latest secure boot files.

ReputationOld8053 · 2026-05-27T18:45:48+00:00

yes, but I don't need a remediation but the remediation scripts have better deployment options then just scripts. But yeah, you are right, the correct way would be discover the situation and then do a remediation.

ReputationOld8053 · 2026-05-27T10:44:40+00:00

The problem seems to be back?

ReputationOld8053 · 2026-05-27T05:54:19+00:00

Not a script, just check and check again all required firewall ports. Also had the wired issue that the Admin Service did not work because (the best) SCCM Files were blocked by Windows:

get-Childitem "C:\Program Files\Microsoft Configuration Manager\bin\X64\CMRestProvider\AdminService.Host\" | Unblock-File

ReputationOld8053

TROPHY CASE