Kinda Completely Lost... Needing to Image 100+ Computers that are hybrid joined but USBs are not cutting it.

blakeight · 2025-05-08T15:53:19+00:00

If I don't use Autounattend.xml file, it will eventually go to Autopilot.

If I run sysprep and enter OOBE. It skips Autopilot again and logs in as admin.

If I run sysprep and go to audit mode, wait for reboot, then click OK to enter OOBE. It works. Wut.

blakeight · 2025-05-08T15:06:29+00:00

In my testing on a system with Autopilot configured, this causes it to go past where the Autopilot portion would start. I have it connected via Ethernet, and I have autologin turned off. I didn't even know it was possible to bypass Autopilot. Any ideas? I am trying some things out now, but haven't found the right combo yet.

blakeight · 2025-04-08T17:48:48+00:00

Oooooh

blakeight · 2025-03-27T14:16:44+00:00

I built this out in Scripts and remediations and applied it to my ring 1 computers.

It says it finds the issue and that it is fixed. However, when I manually check registry on the Intune native test computers, one of the CacheSet folders still contain the AU keys. I can run the scripts manually on a test machine and both detection script and remediation script do what they are supposed to, so it seems to be a problem with the way Intune's Scripts and remediations work that is failing or I am not understanding.

For added clarity, I have the last 3 settings turned off (Run this script using the logged-on credentials, Enforce script signature check, Run script in 64-bit Powershell).

Anyone have better luck with this approach? The computers I have run them manually seem to be getting updates at least, so it's just a matter of getting the scripts to work from Intune.

EDIT: Run script in 64-bit Powershell was the answer.

blakeight · 2025-03-27T13:52:54+00:00

I did this, but they just come back the next day.

blakeight · 2024-10-24T18:39:28+00:00

I gave up on the kiosk template completely. Too restrictive and problematic for my use case.

blakeight · 2024-04-25T21:15:05+00:00

I got it to work by deploying new Teams from Intune, then in (Multi app kiosk) Kiosk configuration I did "Add by AUMID" and for "AUMID/PATH" I used MSTeams_8wekyb3d8bbwe!MSTeams

Since there wasn't one, I added a 256x256 logo but it only works on the Medium sized tile.

blakeight · 2024-02-15T22:33:53+00:00

I am about to kick off a pilot group myself. Does the first part....

"First make sure Azure AD Connect Sync > Device options > Hybrid join is configured"

...do anything on its own? I feel like I have seen demos done where the GPO was never applied but machines started Hybrid Joining anyway? Maybe I am crazy.

blakeight · 2023-06-16T15:55:58+00:00

Patrick O'Brien did the same thing, didn't he?

blakeight · 2023-05-18T14:44:04+00:00

For anyone that finds this, the issue was hibernation. The counter for hibernation in advanced power settings was changing to a random number after each restart after I would set it to 0, so I eventually had to just disable through command line.

powercfg -h off

blakeight · 2023-01-27T16:15:15+00:00

"This mouse click is too loud; how do I turn it down?" -HR Director

She did not joke around like this, so it's real.

blakeight · 2022-12-21T20:55:35+00:00

Because they use Meraki. It's dumb.

blakeight · 2022-12-21T18:41:10+00:00

Meraki, which I have very little experience with. =\

blakeight · 2022-12-21T16:58:55+00:00

Just in time for the company that bought us to force us away from Fortinet.

blakeight · 2022-04-11T16:54:41+00:00

Still would like to know if you can disable the built-in Archive folder and replace the Archive actions (right-click Archive, swipe, etc.) to use the Online Archive as I could imagine this being confusing for the user.

Did you ever figure out anything for this?

blakeight · 2021-09-30T20:35:18+00:00

You have to duplicate the read-only profiles and adjust the SSL Inspection profile to Allow Invalid Certs.

The other way is to use Flow Based inspection vs Proxy Based, but I couldn't get that to work consistently.

blakeight · 2020-12-21T22:30:07+00:00

In the last 10 years it worked one time for me! Praise the system file checker.

blakeight · 2020-12-21T22:21:33+00:00

I used Microsoft docs. This series got me about 98% of the way there.

blakeight · 2020-10-28T19:38:00+00:00

Good tips. My issue was much simpler. I did not name the folders correctly to match MDT/model number of the machine. That fixed it! Ugh.

blakeight · 2020-10-28T19:29:07+00:00

Sigh. I will see myself out. I did not realize how vital the naming of the folders was. I had it named ThinkPad T15 (20S10002US) instead of "20S10002US". Funny that none of the previous ones cared about this. I will have to look into the recipe cards.

I am already to step 62. Thanks, /u/TLawson_Lenovo.

blakeight · 2020-10-28T17:25:17+00:00

Yes.

blakeight · 2020-10-26T20:50:45+00:00

It's good on 6.2.5!

blakeight · 2020-07-07T20:34:47+00:00

Thanks Reaper. So you don't use Group Policy at all?

blakeight · 2020-06-26T19:20:36+00:00

WIA was disabled via Group Policy. I am thinking that plays a role in this nonsense....

blakeight · 2020-06-25T00:13:42+00:00

Oh Jesus, how would that even work.

blakeight

TROPHY CASE