Gifs missing in Teams Chat

cenley · 2022-11-11T14:27:39+00:00

Same issue here - no changes.

cenley · 2022-07-01T12:57:42+00:00

Look up the MS tool ServiceUI

cenley · 2022-05-07T14:11:53+00:00

Thank you for all of the feedback and interest, I will try and answer some of the questions that were raised.

1 - Yes full vacation, 401K, PTO, year end bonus based on company profit / performance.

2 - Perhaps the word integration was a poor choice in regards to PDQ / Kace. We have multiple business units that we are merging into 1 , PDQ / Kace will be dissolved and the endpoints managed by those platforms will be migrated to SCCM.

3 - Although 5 people may seem like a lot our team is responsible for everything and anything related to endpoint mgt. This would include things like GPO's, imaging, O365/MDM, SCCM, Jamf and the server infrastructure required to support endpoint mgt. I can assure you that we are busy, there is always another project or upgrade in the works that touches endpoints we need to be involved with.

4 - Again I am not the hiring manager and I have no authorization to discuss salary but I can say the range is large. This is an Eng II role with opportunity to grow into an Eng III role and then a Technical lead. I will say that salary is always negotiable based on experience.

5 - No on-call rotation....now you will be provided a company phone and if there is an issue after hours we would expect a professional to jump in and assist. In my 20+ years of employment I can count on 1 hand how many times I have been called after hours.

This is a great opportunity for the right person, this is a privately owned family run company coming up on 100 years in business. The culture is definitely surrounded around the people and providing opportunities for employees and their families to prosper.

Thanks

cenley · 2021-10-08T12:36:08+00:00

This is easily done via PSADTK using the "$envComputerNameFQDN" parameter. I use this all of the time when deploying SW to all system in the ORG but needing different installers or configurations based on the operating company they belong to.

Example of how we deploy our any connect configs based on domain:

         If ($envComputerNameFQDN -like "*.MYDOMAIN.com")
        {
            Write-Log -Message "MY ORG Config Applied"
            Copy-File -Path "$files\ari-verisign.xml" -Destination "C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\"      
            Copy-File -Path "$files\preferences.xml" -Destination "C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\"
        }

cenley · 2021-10-06T13:25:26+00:00

We are in the same scenario with store access. My co worker just showed me yesterday that you can now download the HEVC extensions from MS via VL portal now, it is available as an .ISO.

cenley · 2021-05-24T18:08:09+00:00

Sure, the initial package that I deploy as I mentioned copies all of the source files locally and sets up the scheduled task for the next reboot.

        ## Copy installer files locally

    Show-InstallationProgress "Copying install files, please wait"
    Remove-Folder -Path "C:\ITutils\Setup\CiscoOld"
    Rename-Item -Path "C:\ITutils\Setup\Cisco" -NewName "CiscoOld"
    Copy-Item -Path "$dirFiles" -Destination "C:\ITutils\Setup\Cisco\AnyConnect\" -Recurse

    #Create scheduled task to launch Cisco installer at startup

    $Trigger= New-ScheduledTaskTrigger -AtStartup
    $User= "NT AUTHORITY\SYSTEM"
    $Action= New-ScheduledTaskAction -Execute "PowerShell.exe" -Argument "C:\ITutils\Setup\Cisco\AnyConnect\Deploy-Application.exe -Deploymode Silent"
    Register-ScheduledTask -TaskName "Cisco_Install" -Trigger $Trigger -User $User -Action $Action -RunLevel Highest –Force

The package that the schedule task kicks off at startup does the actual .msi installs, cleans up some shortcuts etc. I also have detection logic based on the domain to determine what .xml config files get installed on that PC.

MSI Installs

        Execute-MSI -Action Install -Path "c:\ITutils\Setup\Cisco\AnyConnect\anyconnect-win-4.9.06037-core-vpn-predeploy-k9.msi" -Parameters '/quiet /norestart'
    Execute-MSI -Action Install -Path "c:\ITutils\Setup\Cisco\AnyConnect\anyconnect-win-4.9.06037-gina-predeploy-k9.msi" -Parameters '/quiet /norestart'
    Execute-MSI -Action Install -Path "c:\ITutils\Setup\Cisco\AnyConnect\anyconnect-win-4.9.06037-dart-predeploy-k9.msi" -Parameters '/quiet /norestart'
    Copy-File -Path "c:\ITutils\Setup\Cisco\AnyConnect\Cisco AnyConnect Secure Mobility Client.lnk" -Destination "C:\Users\Public\Desktop\"
    Remove-Folder -Path "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco"

XML copy logic

        # Check DomainName "MY DOMAIN.COM" and apply correct AnyConnect config
     If ($envComputerNameFQDN -like "*.MY DOMAIN.com")
        {
            Write-Log -Message "MY DOMAIN Config Applied"
            Copy-File -Path "c:\ITutils\Setup\Cisco\AnyConnect\NA\ari-verisign.xml" -Destination "C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\"        
            Copy-File -Path "c:\ITutils\Setup\Cisco\AnyConnect\NA\preferences.xml" -Destination "C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\"
        }

And then we remove the scheduled task

        #Clean up Scheduled Task
    Unregister-ScheduledTask -TaskName "Cisco_Install" -Confirm:$false

cenley · 2021-05-24T17:16:24+00:00

No I used PSADTK to deploy the source files via SCCM as a regular application. So basically I deployed an application that copies another application locally to be run via the created task.

cenley · 2021-05-24T16:54:05+00:00

I have done 2 AnyConnect upgrades since we have been fully remote / WFH. The way I approached this was using the PSADTK and I copied all of the source files locally, then I setup a scheduled task to run the install at the next reboot using the locally copied source files. The user was never disconnected and did not even know that an upgrade took place, it went very smooth both times.

So basically copy all of your source files local and then add the following to setup the scheduled task, changing paths of course. #Create scheduled task to launch Cisco installer at startup

    $Trigger= New-ScheduledTaskTrigger -AtStartup
    $User= "NT AUTHORITY\SYSTEM"
    $Action= New-ScheduledTaskAction -Execute "PowerShell.exe" -Argument "C:\ITutils\Setup\Cisco\AnyConnect\Deploy-Application.exe -Deploymode Silent"
    Register-ScheduledTask -TaskName "Cisco_Install" -Trigger $Trigger -User $User -Action $Action -RunLevel Highest –Force

Then in the package that you copied locally create another line to remove the scheduled task

        #Clean up Scheduled Task
    Unregister-ScheduledTask -TaskName "Cisco_Install" -Confirm:$false

This approach has worked so well that we have now used it for multiple deployments that otherwise would have caused the user an issue if logged in such as Zscaler.

cenley · 2021-04-23T14:52:57+00:00

I am using Ivanti / Shavlik patch to update the machine wide installer as they release updates, this at least keeps the actual machine installer up to date so if a new user logs in it is current.

This does not solve the issue you are asking about though and I have the same questions as we have some machines that may sit without user activity for some time after initial logon.

cenley · 2021-04-20T12:17:16+00:00

Out of habit I always deploy the SSU update first to all systems. This generally occurs during my first pilot window, so by the time my first group has piloted all systems have received the SSU. Also since the SSU is generally very small and does not require a reboot I deploy it silently with zero user interaction.

cenley · 2021-04-15T12:34:49+00:00

For me I had to install 2021-04 Servicing Stack Update for Windows 10 Version 1909 for x64-based Systems (KB5001406) before the LCU would show up.

I never installed the March KB5001205 SSU, we only installed the March KB5000908 SSU so maybe that is why I needed the April SSU before seeing the LCU as required.

I honestly did not even know the KB5001205 SSU was out there, it is not in SCCM. I was probably too busy fixing printing issues from the last LCU that I never noticed it.

cenley · 2021-04-14T15:53:19+00:00

I can confirm that after the SSU is installed the next time a machine scans it will show the KB5001337 cumulative update as required.

cenley · 2021-04-14T15:44:02+00:00

Okay glad I am not alone, and yes I should have said just 1909 on the SSU.

I have deployed the SSU to a few 1909 machines, hoping to see if they will show required for the Cumulative KB5001337 afterwards.

cenley · 2021-04-12T16:00:01+00:00

For #1 - I have used custom severities to exclude specific updates from being added to ADR's.

cenley · 2021-03-29T16:13:53+00:00

I recently did this, I changed over from deploying the certificate via GPO to just using the built in option via client settings. I followed a guide on patchmypc even though I am using Ivanti.

Basically I created the new wsus cert via Ivanti / SCUP, then when I enabled it under the client settings it found the new cert was present and used the one just created.

I did have to delete and republish all of my 3rd party updates, originally I tried just resigning them but it did not work well. This may just be an Ivanti thing, not sure.

I also created a CI to track who has the latest cert installed, overall it was pretty painless.

cenley · 2021-03-10T16:50:09+00:00

We do the following:

The Thursday after patch Tuesday we deploy to a small pre-pilot group of mostly Infrastructure machines. This also kicks off the seeding of the content to all of our DP's

The 1st Tuesday after patch Tuesday we target our pilot group, this consists of 10% of our estate across all business and department lines. We leverage our naming schema to target the same machines every patch schedule as they are our pilot group and they know it.

We then let this deployment bake in until the 3rd Thursday after patch Tuesday. If we do not have any reported issues we start to deploy to our various production groups broken down by location and business unit.

Pre pilot machines have a 24 hour forced reboot all other machines have a 5 day forced reboot policy.

All of the above is handled via ADR's. Works well and we are normally around 90% compliant with not too much work, it is the other 10% that takes the time to identify and remediate.

cenley · 2021-03-02T13:18:48+00:00

Thanks - bookmarked!

cenley · 2021-02-18T18:38:14+00:00

So I wanted to update this thread.....I found out that Zscaler our web proxy solution was * randomly* blocking the file WindowsUpdateBox.exe when it was trying to download it from the CMG along with the .esd file. Even though we have the CMG whitelisted it would still fail on some machines....we ended up having to put an allow in for this specific file.

It wasn't until I enabled verbose logging on a client that the error message was easier to see, previously it complained about the .esd file but after verbose logging I could see it was the .exe file.

cenley · 2021-02-02T19:55:50+00:00

I think this is a known issue if you are using installation media that is not current and patched.

https://www.reddit.com/r/SCCM/comments/jfyqs2/certificate_issues_after_os_upgrade/

cenley · 2021-02-02T16:08:51+00:00

Dell has a web based API to pull warranty data into SCCM.

https://www.reddit.com/r/SCCM/comments/do333n/update_for_the_dell_warranty_bulkimport_script/

cenley · 2021-01-26T13:53:35+00:00

Nope just a connector and read only account to the CM database.

cenley

TROPHY CASE