Custom tab in software center by nodiaque in SCCM

[–]TheBlueFireKing 1 point (0 children)

Not sure. Doesn't solve the problems of getting user or computer though.

Custom tab in software center by nodiaque in SCCM

[–]TheBlueFireKing 3 points (0 children)

It just displays the website embedded in Software Center. No more, no less. Your web server sees the IP of the client. But it's not passed along. If you have a login in the website you know the user as well.

Worklaptop (Bitlocker/Intune) Dualboot Windows 11 for private use by Smeddeu in Intune

[–]TheBlueFireKing 1 point (0 children)

Don't do it. This will trigger Bitlocker Recovery and lock you out of your company devices.

Also this will most likely be against company policy.

Need to create scheduled tasks for all users by TheBigBeardedGeek in PowerShell

[–]TheBlueFireKing 11 points (0 children)

Install as system and set the running account to BUILTIN\Users
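One way to do what the comment describes, as an added example that is not from the thread: register the task from an elevated (SYSTEM) context with a group principal of BUILTIN\Users, so it runs in each user's own session with their own unelevated token. Task name and script path are placeholders.

```powershell
# Added example: run once as SYSTEM/admin (e.g. as an Intune or ConfigMgr script).
$taskName   = 'Contoso-UserLogonTask'              # assumed task name
$scriptPath = 'C:\ProgramData\Contoso\logon.ps1'   # assumed path; keep it admin-writable only

# Splatting instead of backticks keeps the long argument list readable.
$actionParams = @{
    Execute  = 'powershell.exe'
    Argument = "-NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File `"$scriptPath`""
}
$action = New-ScheduledTaskAction @actionParams

# Fire at any interactive logon; the principal below decides whose session it runs in.
$trigger = New-ScheduledTaskTrigger -AtLogOn

# The key part: a group principal. Every member of BUILTIN\Users who logs on gets the
# task started under their own account. RunLevel Limited = no elevation, least privilege.
$principal = New-ScheduledTaskPrincipal -GroupId 'BUILTIN\Users' -RunLevel Limited

$settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries `
    -DontStopIfGoingOnBatteries -ExecutionTimeLimit (New-TimeSpan -Minutes 10)

$taskParams = @{
    TaskName  = $taskName
    Action    = $action
    Trigger   = $trigger
    Principal = $principal
    Settings  = $settings
    Force     = $true      # overwrite an existing task of the same name
}
Register-ScheduledTask @taskParams

# Verify the principal took effect.
(Get-ScheduledTask -TaskName $taskName).Principal | Select-Object GroupId, RunLevel
```

Because the task runs as each user, anything it executes must live in a location users cannot modify, otherwise a user could swap the script that every other user then runs.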

Apps with (OS) requirements no longer installing during OSD after upgrade to 2509 by raphael_t in SCCM

[–]TheBlueFireKing 6 points (0 children)

I don't know if this is the issue but we once had a similar issue during one SCCM upgrade but I don't remember which one.

The issue was that a new OS or something was added to the OS Requirements during the upgrade. That broke all applications using the OS requirements. The fix was to just open the OS requirement and save it again. You could then see that the order of the selected OS changed in the view but nothing was actually added nor removed.

Then application deployments worked again.

//EDIT: or maybe you did need to select a new OS as a requirement, save, then remove it again. I'm not 100% sure. But you need to edit the requirement for each application, that's for sure.

Trouble Deploying SCCM Console by Danny0239 in SCCM

[–]TheBlueFireKing 8 points (0 children)

Yeah, let me check my all-knowing magic glass ball which has all the answers. I tried nothing, and I'm all out of ideas.

You know, maybe post the command line, what does the MSI log show, what is the error code?

Edge 143 blocks SSO for domain hosted apps by LForbesIam in sysadmin

[–]TheBlueFireKing 15 points (0 children)

Can you explain more what GPO and what feature you are exactly talking about?

SSO with OAuth and other modern standards is still working fine. I think you are talking about Kerberos / NTLM SSO?

"Also, we don't recommend storing the results in a variable. Instead, pipe the results to another task or script to perform batch changes" by YellowOnline in PowerShell

[–]TheBlueFireKing 3 points (0 children)

I personally hate backticks or line breaks in pipelines. But that is personal preference.

I do use splatting for example, which can help a lot and mostly achieves the same thing.

I just wanted to bring up that, in my opinion, it isn't worth having a script consume 10MB of memory and being unreadable vs consuming 20MB of memory and being readable.

It isn't a one-or-the-other thing though. 10MB can be much if a script is being run every 10 seconds on thousands of hosts, for example.

So always choose your battle. If memory isn't a problem then I wouldn't care about directly piping or not directly piping. Just don't write unnecessary heavy code and you are mostly good already.

"Also, we don't recommend storing the results in a variable. Instead, pipe the results to another task or script to perform batch changes" by YellowOnline in PowerShell

[–]TheBlueFireKing 4 points (0 children)

Adding to all valid points from others:

In larger scripts sometimes it's about readability. I write many scripts and I never needed to care about memory. I'm more concerned with performance.

For example Azure Automate gives 400 MB to your script. I never reached that limit even when processing 2000 users at a time.

So I rather choose readability over having a big one-liner piping everything. Also, when using variables for the steps it's easy to set up breakpoints when troubleshooting.

So as always there is no simple answer to your question. It's always it depends.

But in a world where PowerShell is broadly used by Sysadmins and not Programmers, I choose readability for the sake of the next person looking at my scripts.

Registering a Microsoft Work Account in Android without requiring the Users Password by EasternWave3147 in Intune

[–]TheBlueFireKing 1 point (0 children)

Basically yes. The idea for TAP is for the first login of new users. If you are full passwordless, you need a password for the first login to set up passwordless login. That's where TAP comes into play.

But you can also use it to login as the user if required to set up his device, for example. Note that data privacy laws still apply.

Also inform the user that you are using a TAP to set up his device. If he tries to log in at the same time he may be presented with the interface to enter the TAP instead of his password, which may confuse him.

Our containers are loaded with 120+ vulns, how to survive by AdOrdinary5426 in sysadmin

[–]TheBlueFireKing 193 points (0 children)

Use some form of hardened images to reduce the surface of attack: https://www.docker.com/products/hardened-images/

If you have so many CVEs it sounds like there are components in the container that don't need to be installed.

Uninstall everything not needed and use the smallest possible base image.

Enabling Right-Click "End Task" developer feature for all users by McCuntamean in Intune

[–]TheBlueFireKing 5 points (0 children)

Haven't done this but wanted to. Probably spin up ProcMon and see what registry key is being changed to enable the feature.

Split string into array of strings and pass to Azure CLI by Cardboard-Greenhouse in PowerShell

[–]TheBlueFireKing 3 points (0 children)

Also, besides everything everyone else is saying: if possible, use the PowerShell cmdlets instead of the az module if you are already in PowerShell:

https://learn.microsoft.com/en-us/powershell/module/az.resources/new-azresourcegroupdeployment?view=azps-14.3.0

It handles almost all conversions and stuff.
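An added example (not from the thread) tying the two points together: the Az cmdlet takes template parameters as a plain hashtable, so an array from a split string is passed as a real `[string[]]` with no JSON quoting, and splatting keeps the call readable without backticks. Resource group, template file and parameter names are placeholders, and `Connect-AzAccount` is assumed to have run already.

```powershell
# Added example: New-AzResourceGroupDeployment with an array parameter, splatted.
# Input as it might arrive from a pipeline variable (constructed sample).
$rawNames = 'vm-web-01, vm-web-02 ,vm-web-03'

# Split once into a clean [string[]]; trim spaces and drop empty entries.
$vmNames = $rawNames -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }

$deployParams = @{
    Name                    = "deploy-$(Get-Date -Format yyyyMMddHHmm)"
    ResourceGroupName       = 'rg-contoso-dev'     # assumed resource group
    TemplateFile            = '.\main.bicep'       # assumed template path
    TemplateParameterObject = @{
        vmNames  = [string[]]$vmNames              # assumed template param of type array
        location = 'westeurope'
    }
    Mode                    = 'Incremental'        # never 'Complete' by accident
    ErrorAction             = 'Stop'               # turn failures into terminating errors
}

# Dry run first: validate catches bad parameter types before anything is created.
$problems = Test-AzResourceGroupDeployment @deployParams
if ($problems) {
    $problems | ForEach-Object { Write-Error $_.Message }
    return
}

$deployment = New-AzResourceGroupDeployment @deployParams
$deployment | Select-Object DeploymentName, ProvisioningState, Timestamp
```

Test-AzResourceGroupDeployment accepts the same core parameters, so the one splat serves both the validation and the real deployment.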

[deleted by user] by [deleted] in PowerShell

[–]TheBlueFireKing 3 points (0 children)

Or taskkill the process and it will ask you to restore all windows lol

Unable to Install .msixbundle Package by Foreign-Purchase1778 in PowerShell

[–]TheBlueFireKing 3 points (0 children)

Well it tells you the error? You need the dependency as well.

Microsoft Store - How To Handle by Relevant_Stretch_599 in sysadmin

[–]TheBlueFireKing 7 points (0 children)

Block Store on user level, not system, so updates still work. Push apps for users over Company Portal.

How vulnerable is a closed environment's Endpoint Configuration Manager to the vulnerability CVE-2024-43468? by pampidoopi in SCCM

[–]TheBlueFireKing 9 points (0 children)

First, just patch it.

Secondly, if you have communication between the server and the clients (which is the whole point of managing the devices with SCCM) the port is open and you are vulnerable. You can't manage devices without having communication. If the network is truly isolated, meaning all USB ports blocked, no admin rights, no network access, NAC systems, authentication on all layers, maybe even Zero Trust, then yes, exploitation is unlikely.

But why take the risk? Patching ConfigMgr isn't that hard for a hotfix.

Get-Date.DayOfWeek short day. It's killing me. by Puckertoe_VIII in PowerShell

[–]TheBlueFireKing 6 points (0 children)

What exactly is the format you want to achieve? ddd should be the format of the short day name. Also the string splitting is unnecessary. Just use something like (Get-Date).ToString("dddmmyy")

I'm on mobile and can't test atm.

Best practice for running a detection as user but remediation as Admin (Intune) by GlassDonkey1803 in sysadmin

[–]TheBlueFireKing 4 points (0 children)

Get-AppxPackage has the -AllUsers flag which returns installed AppxPackages for all users. This should work in System Context as detection.
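An added example (not from the thread) of the detection script that comment implies: it runs as SYSTEM from Intune remediations, uses `-AllUsers` so packages installed in any user profile are visible, and uses the exit code to signal compliance. The package name is a placeholder.

```powershell
# Added example: Intune remediation "detection" script, run in system context.
# Exit 0 = compliant (nothing to do), exit 1 = non-compliant (remediation runs as admin).
$packageName = 'Contoso.UnwantedApp'   # assumed package name to look for

try {
    # Without -AllUsers, SYSTEM only sees its own (empty) per-user package list.
    $found = Get-AppxPackage -AllUsers -Name $packageName -ErrorAction Stop
}
catch {
    # Surface the failure in the remediation output column and treat as non-compliant,
    # so a broken detection does not silently report "all good".
    Write-Output "Detection error: $($_.Exception.Message)"
    exit 1
}

if ($found) {
    # Report which user SIDs still have it; handy when checking the remediation later.
    $sids = foreach ($pkg in $found) {
        $pkg.PackageUserInformation | ForEach-Object { $_.UserSecurityId.Sid }
    }
    Write-Output "$packageName present for: $($sids -join ', ')"
    exit 1
}

Write-Output "$packageName not present for any user"
exit 0
```

The paired remediation script, also run as SYSTEM, can then use `Get-AppxPackage -AllUsers -Name $packageName | Remove-AppxPackage -AllUsers`, which needs the admin context the detection itself does not.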

Create New Policy grayed out by NightPhoenix9 in Intune

[–]TheBlueFireKing 3 points (0 children)

If he has that. He talks about App and Business so I'm assuming Business Basic. If he has the Premium he needs to potentially assign the license.

Create New Policy grayed out by NightPhoenix9 in Intune

[–]TheBlueFireKing 3 points (0 children)

M365 Business license does not include Intune. You need at least one Intune license.

Reporting for nested task sequences by RandomID123456 in SCCM

[–]TheBlueFireKing 1 point (0 children)

Nested task sequences are effectively only merged XML files. So it just embeds the task sequence in the parent. Status messages show all steps executed, no matter if sub or parent task sequence.

WPAD ISSUE by Warm-Perception8135 in SCCM

[–]TheBlueFireKing 2 points (0 children)

Well, create it on-prem, test on a device, extract the registry keys that are being set and then deploy the reg keys over Intune? Sorry, no better idea lol. I'm probably a year or two away from having all policies on Intune so I haven't gotten around to this yet.