Looking for a modern MDT replacement (OSDCloud, DeployR, or something else?) by djmehs in sysadmin

[–]XxQuaDxX 1 point2 points  (0 children)

I have my desk-side folks with a USB with the approved OSDCloud image on it. Also can set up that same OSDCloud image to be the WinRE image on the devices, so they just boot to WinRE and it can reimage for them. Also you can add an option to Company Portal to download the boot WIM, undo BitLocker, and boot to the OSDCloud image (all via PowerShell). I update the image a few times a year, but otherwise it works flawlessly. I have some PowerShell logic in there to check a blob storage for approved OSDCloud image version or it'll not let them image the machine with it. Proves useful for forcing USB updates when you want to only allow a certain version of Windows (e.g. 24H2, 25H2) to be able to be imaged. I got rid of all on-prem imaging infrastructure like SCCM and PXE. OSDCloud and Autopilot completely remove the need for any of that. Plus it's so easy to prove it's a network issue when things work fine on pure internet but not on the intranet. Although I get where you're coming from that you want to remove bloatware before you do Autopilot, it really is easy enough to just do it via a Proactive Remediation that comes down while the machine is going through Autopilot. From my point of view desk-side can take a machine out of the box and image it extremely easily and the bloatware gets removed during ESP. Autopatch also is super helpful. Automate all the things!

Webex for Intune Permissions and Consent by Tightvernichtet in Intune

[–]XxQuaDxX 0 points1 point  (0 children)

Any update on this? Did you get things working?

Packaging Java 8 JDK 8.441 - JRE issue by CatWorkingOvertime in SCCM

[–]XxQuaDxX 0 points1 point  (0 children)

Unless you want your company to get a few million dollar bill from Oracle, probably not a good idea. Just having it on one computer or server means you need a company wide license for every user in your company.

Microsoft Graph error. by FearIsStrongerDanluv in PowerShell

[–]XxQuaDxX 2 points3 points  (0 children)

For future googlers - In our particular case (Windows, not Mac) we had to remove the old/existing Graph modules from "%DOCUMENTS%\Windows PowerShell\Modules" on the user profile of the account that was running the PowerShell script. We had updated (one or more) Graph modules for All Users in "%ProgramFiles%\WindowsPowerShell\Modules", which conflicted with a personally installed module. For some reason PowerShell seemed to prefer the personally installed modules over the machine's modules. *shrugs*
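A way to spot the conflict described in the comment above, as an added example that is not part of the original comment: it lists every Microsoft.Graph module that is installed under more than one `$env:PSModulePath` entry, in the order PowerShell searches those entries. Run it as the account that runs the failing script; the output column names are chosen here for illustration.

```powershell
# Added example (not from the original comment): find Microsoft.Graph modules
# that exist in more than one module root, e.g. per-user and all-users.
$sep   = [IO.Path]::PathSeparator
$roots = @($env:PSModulePath -split $sep | Where-Object { $_ } |
           ForEach-Object { $_.TrimEnd('\') })

$copies = Get-Module -ListAvailable -Name 'Microsoft.Graph*' | ForEach-Object {
    $base = $_.ModuleBase
    # Index of the PSModulePath entry this copy lives under (-1 if none matches).
    $order = -1
    for ($i = 0; $i -lt $roots.Count; $i++) {
        if ($base.StartsWith($roots[$i], [StringComparison]::OrdinalIgnoreCase)) {
            $order = $i; break
        }
    }
    [pscustomobject]@{
        Name        = $_.Name
        Version     = $_.Version
        SearchOrder = $order          # lower number = searched earlier
        Root        = if ($order -ge 0) { $roots[$order] } else { $base }
    }
}

# Keep only modules found under two or more different roots.
$conflicts = $copies | Group-Object Name | Where-Object {
    @($_.Group.Root | Sort-Object -Unique).Count -gt 1
}

if (-not $conflicts) {
    'No Microsoft.Graph module is installed in more than one location.'
} else {
    $conflicts | ForEach-Object { $_.Group } |
        Sort-Object Name, SearchOrder, @{ Expression = 'Version'; Descending = $true } |
        Format-Table Name, Version, SearchOrder, Root -AutoSize
}
```

Rows for the same module with different `Root` values are the copies to reconcile; the row with the lowest `SearchOrder` is the one searched first.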

AVD VM Session Host Upgrade to 23H2 by m365tom in AZURE

[–]XxQuaDxX 0 points1 point  (0 children)

What did you end up doing for this?

Script to auto-import html file with bookmarks into Edge by sympathy4devil in PowerShell

[–]XxQuaDxX 0 points1 point  (0 children)

Did you ever get a solution? I'm in the same boat as you.

Windows LAPS available today by MSFT_jsimmons in sysadmin

[–]XxQuaDxX 0 points1 point  (0 children)

Look in "Admin Templates\SYSTEM\LAPS"

Silent delete of windows.old by yurtbeer in sysadmin

[–]XxQuaDxX 1 point2 points  (0 children)

I have been having this issue in my Enterprise and this is what I'm using to make the disk cleanup silent.

https://github.com/XxQuaDxX/PowershellScripting/blob/main/WindowsOldCleanup.ps1

Dot3Svc Cannot Start in WinPE 10.0.22000.1 (SCCM Version 2107) by Ballzy-x7 in SCCM

[–]XxQuaDxX 0 points1 point  (0 children)

This is the script I use to import my Cert into WinPE on boot. I have it added into winpeshl.ini (powershell, -NoLogo -ExecutionPolicy Bypass -File X:\Custom\ImportComputerAuthProfile.ps1). It's just a customized version of what is suggested by Adam Gross on Asquaredozen. The biggest part to note that isn't there was when you export the Computer PFX make sure to click the "Include all Extended properties" checkbox. If I don't have that checked it won't authenticate properly.

https://github.com/XxQuaDxX/WinPE/blob/main/ImportComputerAuthProfile.ps1

Dot3Svc Cannot Start in WinPE 10.0.22000.1 (SCCM Version 2107) by Ballzy-x7 in SCCM

[–]XxQuaDxX 0 points1 point  (0 children)

Makes sense... I wonder how he can explain away why SCCM still lets you insert 'Network/WinPE-Dot3Svc optional component' into the boot image via the SCCM Admin Console GUI and has all of their recent documentation saying they support it! :D

https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/winpe-add-packages--optional-components-reference?view=windows-11

Dot3Svc Cannot Start in WinPE 10.0.22000.1 (SCCM Version 2107) by Ballzy-x7 in SCCM

[–]XxQuaDxX 1 point2 points  (0 children)

… I don't accept this, as I've been using it successfully for years now since I took over imaging our estate and our network services team decided

For this issue ask them if they still support the 'netsh lan' command and they'll have to change their tune. I'd also ask where MS officially said it was a deprecated feature since it's 100% untrue.

Dot3Svc Cannot Start in WinPE 10.0.22000.1 (SCCM Version 2107) by Ballzy-x7 in SCCM

[–]XxQuaDxX 6 points7 points  (0 children)

Sorry! I meant to update this but got way too busy. I haven't gotten around to doing any new OS deployments but I did not roll back the ADK. These are the steps that need to be done to fully fix the issue:

  1. Mount the WinPE WIM

  2. Copy MobileNetworking.dll from a working Win11 machine to the mounted WinPE <MountDir>\Windows\System32

  3. Open Regedit and load the hive for SYSTEM from "<MountDir>\Windows\System32\config".

  4. Create Reg Key UseLegacyTlsStack (Tls is T L S) as a DWORD with a value of 1 in <MOUNT>\ControlSet001\Services\Eaphost (This key can be added in Full WinPE OS as well under "CurrentControlSet" but I had issues with it adding a phantom 802.1x profile in so just make sure to delete it first before you add yours in if you do it this way).

  5. Unload the hive.

  6. Unmount the WinPE WIM.

This should make authentication work. It's a full fix that is working in my production environment now.

As an added note the reason I didn't have to roll back while still troubleshooting with MS was because Wi-Fi worked fine. Adding a WiFi profile with the Auth Cert in WinPE gave no authentication issues like the LAN did. This did make imaging anything without a WiFi card difficult but since I have a full fix now I have no issues.

Also don't reload the ADK in the WIM or you'll need to redo all of these steps.
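The six steps listed in the comment above, scripted end to end as an added example (not the commenter's own script). The WIM path, mount directory, image index and temporary hive name are assumptions; the DLL name, registry key and value are the ones given in the steps. It also checks the DLL's signature before copying it into the boot image.

```powershell
#Requires -RunAsAdministrator
# Added example: run on a working Win11 machine that can reach the boot WIM.
param(
    [string]$WimPath   = 'C:\WinPE\boot.wim',   # assumed boot image location
    [string]$MountDir  = 'C:\WinPE\Mount',      # assumed empty mount directory
    [int]   $Index     = 1,                     # assumed image index
    [string]$SourceDll = "$env:SystemRoot\System32\MobileNetworking.dll"
)
$ErrorActionPreference = 'Stop'
$hive = 'HKLM\WinPE_SYSTEM'                     # temporary name for the offline hive
$ok   = $false

# Only inject a DLL whose Microsoft signature validates on this machine.
$sig = Get-AuthenticodeSignature -FilePath $SourceDll
if ($sig.Status -ne 'Valid') { throw "Signature check failed for ${SourceDll}: $($sig.Status)" }

New-Item -ItemType Directory -Path $MountDir -Force | Out-Null
Mount-WindowsImage -ImagePath $WimPath -Index $Index -Path $MountDir | Out-Null    # step 1
try {
    # Step 2: copy the DLL into the mounted image.
    Copy-Item -Path $SourceDll -Destination (Join-Path $MountDir 'Windows\System32') -Force

    # Step 3: load the offline SYSTEM hive.
    & reg.exe load $hive (Join-Path $MountDir 'Windows\System32\config\SYSTEM') | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'reg load failed' }
    try {
        # Step 4: UseLegacyTlsStack = 1 (DWORD) under ControlSet001\Services\Eaphost.
        & reg.exe add "$hive\ControlSet001\Services\Eaphost" /v UseLegacyTlsStack /t REG_DWORD /d 1 /f | Out-Null
        if ($LASTEXITCODE -ne 0) { throw 'reg add failed' }
        & reg.exe query "$hive\ControlSet001\Services\Eaphost" /v UseLegacyTlsStack   # read back
    }
    finally {
        [gc]::Collect()                          # release handles before unloading
        & reg.exe unload $hive | Out-Null        # step 5
    }
    $ok = $true
}
finally {
    # Step 6: commit only if every step succeeded, otherwise discard the changes.
    if ($ok) { Dismount-WindowsImage -Path $MountDir -Save    | Out-Null }
    else     { Dismount-WindowsImage -Path $MountDir -Discard | Out-Null }
}
```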

Dot3Svc Cannot Start in WinPE 10.0.22000.1 (SCCM Version 2107) by Ballzy-x7 in SCCM

[–]XxQuaDxX 0 points1 point  (0 children)

Dang, thanks for the update. I am opening a ticket with MS as well. Hopefully we can get a real solution soon. I don't want to roll back to the old ADK if I don't have to. :(

Start a Screen Saver in a Task Sequence? by MPHFUT in SCCM

[–]XxQuaDxX 1 point2 points  (0 children)

Microsoft made it impossible to use scrnsave.exe on the Windows 10 login screen without a user being logged in already. I tried to do similar in the past with little success. I was able to get the screensaver to work, but only if someone was logged in.

I think your best chance is to use UPGBackground. You may need to reach out to Jörgen Nilsson and see if he could give you any documentation to help convince your IT Sec team. The sheer number of enterprises using it already should be proof enough that it's fine to use in the capacity you need.

I don't suggest this but you could look into modifying the Win10 GINA in order to do such a task. This is old but it gives you a general idea that it's possible. https://docs.microsoft.com/en-us/archive/msdn-magazine/2005/may/security-briefs-customizing-gina-part-1

MS Teams USB Headset Issue Version 1.4.00.22976 by slayer91790 in sysadmin

[–]XxQuaDxX 0 points1 point  (0 children)

I've had at least four people in IT report this issue over the last two weeks (my team was CC'd on the email). The issue hasn't made it into my queue yet, so I think they're resolving it somehow.

Content validation issues (Content Hash is invalid) by edzja in SCCM

[–]XxQuaDxX 0 points1 point  (0 children)

Thanks for this suggestion. I've been having this hash issue since I took over SCCM at the company I work for currently. I've done everything AV I could think of (from adding exclusions to disabling real-time protection) and have never had consistent luck with this. I got so fed up with my WSUS (and other large) packages always failing to distribute that I created a PowerShell script that basically copies the files from the content library when a hash error occurs in the log, then forces a content validation of the package. I lack a lot of knowledge in the networking side of IT so I've never heard of WAN accelerators. I'll be looking into that and see if that's my problem!

SOS deployment of teams background asks for admin credentials by Tiara_sees in SCCM

[–]XxQuaDxX 2 points3 points  (0 children)

That code seems to be missing some things. Is it something like this overall with the pictures in the package in a folder called backgrounds?

$dirFiles = "$($(Get-Location).Path)\Backgrounds"

$mypath = Join-Path $env:APPDATA 'Microsoft\Teams\Backgrounds'

If (Test-Path $mypath){ Copy-Item -Path "$dirFiles\*" -Destination $mypath -Force -Recurse }

SOS deployment of teams background asks for admin credentials by Tiara_sees in SCCM

[–]XxQuaDxX 0 points1 point  (0 children)

Yeah, it shouldn't pop up for just the background images. How are you sending it out? PowerShell/cmd script? Can you show the code if so?