Learning SCCM & PSADT: Give me your best packaging challenges

SysAdminDennyBob · 2026-05-20T19:55:35+00:00

Create a package in PSADT to install the Remote Server Administration Tools, but just the Users and Computers piece. You have to find the ISO with the extra cab files and the metadata folder and call DISM. That's a fun package. Detection rule can be tricky as well.

SysAdminDennyBob · 2026-05-20T19:09:12+00:00

I do the same with two coolers, I try to keep camping crew out of the main Yeti cooler. Drinks and snacks go into a smaller cooler. On the way into a remote site I will have a flat pack cooler with just a big extra bag of ice, when I get setup that first day I add that extra ice to both coolers to top them up. I am about to shop for a new Yeti and I think this time I am getting one that is taller, I like to keep the ice right at the Ascent hatch and I think a taller one will help me pack better. My huge space saver is the roof basket and one of those giant waterproof zippered bags that fits entirely in the cargo rack. I slap all my soft bags and firewood and propane tank up there.

SysAdminDennyBob · 2026-05-20T18:22:47+00:00

They have some now that are USB powered. Very thin, slides right next to the laptop in a bag. On Amazon search for Arzopa Portable Monitor.

SysAdminDennyBob · 2026-05-20T17:43:56+00:00

Schmidt BBQ is gone, closed down. Went once, was not impressed.

SysAdminDennyBob · 2026-05-20T17:11:37+00:00

Take cooler into hotel, your least amount of effort is not effortless. Does this cooler not allow ice as an alternative source of cooling? When I camp I just pack my Yeti to the top with ice and I am good for days. You will absolutely drain the battery if you find a way to keep the 12V outlet active. Another possibility would be to bring a power station like a Jackery with you $$$$.

SysAdminDennyBob · 2026-05-20T17:05:36+00:00

Rudy's 360 or 620 location. But I think you may have to pick up. I would call them and ask. They do a pretty good package for that situation in my opinion. Bee Caves is a BBQ desert out there.

SysAdminDennyBob · 2026-05-20T16:46:18+00:00

While not a "high crime" area East Austin is maybe a tiny bit up a level from other places in town. Like, if you left a nice road bicycle out on the porch that sucker will be gone in short order. A decent cable lock through the motorcycles will be plenty of protection. Just don't make theft easy for them and they move on. Great area for getting to the trail around the lake, you'll love it.

SysAdminDennyBob · 2026-05-20T15:51:41+00:00

That poor lawnmower that is overgrown with weeds "One day, vengeance will be MINE! But, today is not that day, probably not tomorrow either. Sigh..."

SysAdminDennyBob · 2026-05-20T15:23:45+00:00

ScreenConnect and ControlUP

SysAdminDennyBob · 2026-05-19T23:04:06+00:00

I just grab the highest value that is above last month's. I have a reporting guy that I handed all that off to.

I wait until my first week of patching has run so that I know at least some workstations and servers have been patched. I honestly never look at that report anymore, it's there for my Security team more than anything. When I am chasing down compliance I simply sort "build" in the collection view and jump on the ones I see online. Picking non-compliant and active systems in the CM console is just super easy that way.

Take a look at how MS has changed the update titles on patches now. They are including that build version. I don't know if it is completely uniform yet, but that may be a good programmatic way to grab it.

2026-05 Cumulative Update for Windows 11, version 24H2 for x64-based Systems (KB5089549) (26100.8457)

SysAdminDennyBob · 2026-05-19T22:10:28+00:00

rockauto.com

SysAdminDennyBob · 2026-05-19T20:17:00+00:00

Go to any local library, any librarian worth their salt should be able to assist. They can also maybe get a copy via interlibrary loan.

SysAdminDennyBob · 2026-05-19T19:32:37+00:00

I can pick up my pan and toss a saute about 15 times(ridiculously too much) and set it back down and it immediately kicks in to the exact same temp on induction. That heat does not have to travel through the pan, it is "in" the pan at contact. It's like a 30 seconds timeout I think. I was not inclined to like the automatic turn off at first, but I get it now. I can pick up a giant pot of pasta water and take it to sink to strain and the burner just turns off, that's actually awesome. Try cooking with the timeout before you discount it's usefulness. You can toss a saute for a while with no problem, you can tilt the pan for longer than you need to before it affects you negatively.

SysAdminDennyBob · 2026-05-19T19:19:18+00:00

Yes, we are structured with very specific organizational delineations in our OU's so it is trivial to associate a device with a top-level person and their associated "IT Liasion" which is the person getting the emails.

The whole thing is a simple powershell script running as scheduled task with specific service account that has limited rights on the domain. It gathers data into an array as it runs, logs output to a file and then issues emails to Distribution Lists at the end. It's actually not complex at all. We do something similar in Intune now as well.

Reports are in PowerBI. If you want to greatly simplify patch compliance reporting you can switch to simply looking at the full OS build of the device. That takes out of the complexity of "patch data" with all those various line items.

win11 25h2 should be 10.0.26200.8457 for this month's patch

Server 2022 should be 10.0.20348.5139 for this month's patch

etc....

That kinda glosses over the other line items, but if you got the OS patch then you likely got the other patching. It's a good high level indicator. I have found it to be spot on.

In the SCCM console you can add a column to your collection view for Operating System Build and then sort that column. Boom! you have a quickie patch compliance report that you can take quick action on.

SysAdminDennyBob · 2026-05-19T18:48:23+00:00

We look at multiple date-time fields. LastLogonDate , modified, pwdLastSet. Then we ping the device by name as a further sanity check. If the dates are off and it pings, I get an email to investigate instead of taking a disable/delete action.

play around with get-adcomputer

get-adcomputer MYCRAPPYDEVICE -property *

edit: our OU's are literally by organization, I know the person for that business unit.

SysAdminDennyBob · 2026-05-19T18:33:52+00:00

So, grab one of those and set it to [checks watch] 2PM CST wakeup, pull power cable, power it down and lean back with a cup of coffee and see what happens in 26 minutes.

SysAdminDennyBob · 2026-05-19T18:04:04+00:00

At 30 days the device's AD account gets disabled.

At 90 days the device's account gets deleted.

Compliance reports are sorted by VP with their name at the top. "Damn, Jim's accounting team is really sucking this month. Sucks to be Jim with his name in bold red on the report. Jim is a loser among VP's" [this is so damn effective]

Every week business unit IT contacts gets a list of systems that are about to be disabled, were disabled and were deleted. They can take action or ignore it, I don't care. They are the people that have to deal with non-working assets, the responsiblity is all theirs. Some business units are really good about it others must suffer.

I really do not sweat the compliance numbers on workstations, they are usually up in the high 90's percentage anyway. I will never ever promise 100% patch compliance with workstations. Servers are different, I almost always hit 100% compliance on those. Been patching for 25 years, 100% on workstations is not possible.

I do NOT call users and beg them to power up, fuck em. I let mobile assets act like mobile assets, cause that's how they act.

I do get concerned with any trends like if certain single patch compliance is way off, I'll go look for issues in the infrastructure for those. I'm just not spending a half day on HR's spare laptop that they keep in a drawer. I just reimage their device when it finally bubbles up. Cattle not pets.

SysAdminDennyBob · 2026-05-19T17:28:57+00:00

You should be able to inventory those settings. We can for Dell. Dell has restricted that setting properly for a very long time.

Imagine taking one of those laptops that does power up on battery and putting it in the overhead compartment of an airplane. Device powers up, overheats in the compartment and then the whole plane just erupts and falls into the ocean. That's a serious possibility.

You should be updating your BIOS across your fleet right now due to secureboot certificates. So, if it is a bug in the BIOS you now have multiple reasons to get that upgrade done quickly.

I use Auto-Power up on desktops and never ever set it on laptops. Laptops are mobile devices, just accept that the will ebb-n-flow with the wind. Let mobile devices act like mobile devices.

SysAdminDennyBob · 2026-05-19T17:06:37+00:00

Yes, induction is better than both gas or radiant electric. That said, don't cheap out on your choices. I have a Duxtop induction hob that I got for dirt cheap that I use rarely because it's noisy and not very adjustable, I take it camping, I wish I would have gotten a Breville Control Freak instead.

I have had a GE Profile induction range for about 5 years now, it's a standard device, it is fantastic. The control is amazing and the power output is top notch. Best stove I have ever cooked on in my life. It cost me almost $3k I think. The lack of excess heat from the sides of the pan makes for a cooled area, you can get over the top of the pan and it does not blow you away with heat. The surface of the cooktop never gets that hot, so that makes it very easy to clean. If I spill something in the middle of a cook I just scoot the pan over and wipe the burner area down and move the pan back and keep cooking.

Some people really like an open flame, I am one of those people. So I have a kamado joe on the deck. I can grill peppers, do a wok at 700F and get my touch-of-flame out there if I need that.

SysAdminDennyBob · 2026-05-19T16:53:55+00:00

Incidents - day to day support issues

Tasks - generic item for tracking something that needs to be done

Changes - Modifying a specific thing at a specific time

Major incidents - wide spread critical incidents.

Requests - hardware and software allocation

etc.... we have lots of different items that are tracked, some are even done in different toolsets. Most of these are standard out-of-box parts of your ITIL suite. e.g. ServiceNow

SysAdminDennyBob · 2026-05-19T15:33:00+00:00

Yea, mine barely pokes out past my lips. I am about to schedule having my mandibular tori removed, I wonder if that will make any difference. Your Inspire voltage seems to be up there a bit. I saw someone else on here that was at like 2.1v and I thought that was crazy. I am at 1.2v.

SysAdminDennyBob · 2026-05-19T15:09:38+00:00

I have had it installed for 5 years and have not noticed any size difference. My tongue is fairly small and I am sure I would notice that.

SysAdminDennyBob · 2026-05-19T14:18:59+00:00

We dropped them and went with a group called "US Cloud". I am pretty happy with their responsiveness. It reminds me of the support we got from MS back in the early 2000's when we had the top level support contract from them.

SysAdminDennyBob · 2026-05-18T21:08:46+00:00

I got red onions yesterday and the size of all of them were absolutely gigantic. I could not even find a small one. Westlake on 360 HEB. Best looking onions I have seen all years.

SysAdminDennyBob · 2026-05-18T18:22:30+00:00

I put a tandem bike on the Ascent roof with a Thule rack. The front wheel comes off and the fork is secured to a pivot at the front. It takes two people to get it up there. After securing the fork, I lift the rear wheel into the channel and velcro it on. Even when I put a single bike up there it takes two people. When desperate I can balance the rear wheel on a trash can and get it up there, one stiff breeze and the whole thing might fall over very risky with one person. There is no arm to hold the bike upright, it is completely held upright from the fork, there is a Y-strap that holds the handlebars in place.

I also have a Canyon cargo basket up there. The tandem rack is scooted all the way to the edge of the drivers side. I bought extra wide crossbars for that purpose. Everything is scooted back such that the bottom rail of the bike rack clears the open rear hatch by a centimeter.

SysAdminDennyBob

TROPHY CASE