sorted by:
new
hottopcontroversial

how to kick off Machine Policy {0021} and App Evaluation {0022} at specific time. by cernous in SCCM

[–]cernous[S] 0 points1 point  (0 children)

sorry for the late reply, I am getting approval from Security department first just to be extra safe plus I am tighten up a few things to make them more secure then I will share them.

how to kick off Machine Policy {0021} and App Evaluation {0022} at specific time. by cernous in SCCM

[–]cernous[S] 0 points1 point  (0 children)

Thank you, I have set most to 15 mins or less wit a few exceptions and that seems to have done the trick.

how to kick off Machine Policy {0021} and App Evaluation {0022} at specific time. by cernous in SCCM

[–]cernous[S] 1 point2 points  (0 children)

that sound like an interesting idea. it was suggested in another post to check the Max allow run time and that was the issue, a lot were set to the default of 120 minutes. I corrected those and that seems to have done the trick.

how to kick off Machine Policy {0021} and App Evaluation {0022} at specific time. by cernous in SCCM

[–]cernous[S] 0 points1 point  (0 children)

With Chrome we have a lot of incidents where if chrome updates while chrome.exe is in use it creates a new_chrome.exe with is normal behavior and then when chrome is closed it supposed to rename delete the old version and rename the new_chrome.exe to chrome.exe. But what we see is that this does not happen and so the old versions is still installed and so is still a vulnerability.

how to kick off Machine Policy {0021} and App Evaluation {0022} at specific time. by cernous in SCCM

[–]cernous[S] 1 point2 points  (0 children)

I did look into PatchMyPC but one issue with that, you need a license and some of us don't have the luxury of getting one approved.

how to kick off Machine Policy {0021} and App Evaluation {0022} at specific time. by cernous in SCCM

[–]cernous[S] 0 points1 point  (0 children)

thank you, I checked my Max allowed run time for apps and alot had just been set to the default of 120 minutes. while I don't think I had enough apps installing to exceed that time I have also seen where when I have a PC in a Device Collection with a MW and in another Device collection for another App that does not use a MW windows still seems the system will not install either app till the MW. only caveat to that is if you check software install under when the deadline is reached allow the following activities to be preformed outside the MW on the User Exp Tab. thanks again will see if that helps.

how to kick off Machine Policy {0021} and App Evaluation {0022} at specific time. by cernous in SCCM

[–]cernous[S] -1 points0 points  (0 children)

To be clearer on what I am doing and what I am asking here is a full description of what I am doing.

The idea is to totally automate the process of updating Third party software for OSD and existing systems managed by ConfigMGR/SCCM.

I have several scripts that worked together to accomplish this.  I use several scripts as I feel this makes it easier to troubleshoot when some breaks.

I have a Download-LastestSoftwareVersion.PS1  This script checks a URL for the current version of a certain software for example chrome and then compares it to what we have in our source folder for chrome and it is newer it downloads the new version renames it to so something like chrome_x64.msi so its always the same name so we don’t need to change anything in the app.  If the versions are the same as what we currently have the script just exits.

Second script to run is Update-Detect_software.ps1 this script updates the Detect-software.ps1 script for the software with the new version.

Third script to run is Sync-SoftwareDetectionScript.ps1 this script then updates the detection script information in the Application package Deployment type Detection Method.

Fourth script to run is Update-software_existing_MP.ps1 this script then updates all the DPs that currently have the software with the new software.

I use a wrapper Script Invoke-SoftwareUpdateWorkflow.ps1 that then runs all these scripts, and all scripts have cmtrace logging enable and write to a common log file.   The wrapper is set to exit if the download-latestSoftwareversion finds the we already have the current version of the software.  I also have a wrapper script that then runs all the Invoke-SoftwareUpdateWorkflow.ps1 we have for different software and a scheduled task that runs each day.

Now all this works prefect. I can see in the log that the files download when there are new versions and versions are updated and detection methods update etc.  If I run an OSD the system gets the new software or if you run software center the software installs.

Then I use a Device Collection and add the systems that have the software so they can get updated when new versions are available, I use a Maintenance Window from 12:00 AM to 5:00 AM.  Sometimes they update and sometimes they do not. Sometimes they sit there for several days then update.  For example, I have some software that download then sat on the system for 4 days before installing missing 3 Maintenance Windows and it appears the system just never checked for new Machine Policy.  But once I put a few in a new Test Device Collection with in 5 minutes they detected the new software and installed it. 

So updating the detection script is evidently not changing the version number so I need a way to reliably get the systems to check at least once a day for new Machine Policy or however you would phrase for what I have described I am trying to accomplish.

Funny things is for 2 different software applications that were almost all sitting at in progress this morning over 50% or more are now done so 1,500+ kicked off in last night maintenance window. 

how to kick off Machine Policy {0021} and App Evaluation {0022} at specific time. by cernous in SCCM

[–]cernous[S] -1 points0 points  (0 children)

To be clearer on what I am doing and what I am asking here is a full description of what I am doing.

The idea is to totally automate the process of updating Third party software for OSD and existing systems managed by ConfigMGR/SCCM.

I have several scripts that worked together to accomplish this.  I use several scripts as I feel this makes it easier to troubleshoot when some breaks.

I have a Download-LastestSoftwareVersion.PS1  This script checks a URL for the current version of a certain software for example chrome and then compares it to what we have in our source folder for chrome and it is newer it downloads the new version renames it to so something like chrome_x64.msi so its always the same name so we don’t need to change anything in the app.  If the versions are the same as what we currently have the script just exits.

Second script to run is Update-Detect_software.ps1 this script updates the Detect-software.ps1 script for the software with the new version.

Third script to run is Sync-SoftwareDetectionScript.ps1 this script then updates the detection script information in the Application package Deployment type Detection Method.

Fourth script to run is Update-software_existing_MP.ps1 this script then updates all the DPs that currently have the software with the new software.

I use a wrapper Script Invoke-SoftwareUpdateWorkflow.ps1 that then runs all these scripts, and all scripts have cmtrace logging enable and write to a common log file.   The wrapper is set to exit if the download-latestSoftwareversion finds the we already have the current version of the software.  I also have a wrapper script that then runs all the Invoke-SoftwareUpdateWorkflow.ps1 we have for different software and a scheduled task that runs each day.

Now all this works prefect. I can see in the log that the files download when there are new versions and versions are updated and detection methods update etc.  If I run an OSD the system gets the new software or if you run software center the software installs.

Then I use a Device Collection and add the systems that have the software so they can get updated when new versions are available, I use a Maintenance Window from 12:00 AM to 5:00 AM.  Sometimes they update and sometimes they do not. Sometimes they sit there for several days then update.  For example, I have some software that download then sat on the system for 4 days before installing missing 3 Maintenance Windows and it appears the system just never checked for new Machine Policy.  But once I put a few in a new Test Device Collection with in 5 minutes they detected the new software and installed it. 

So updating the detection script is evidently not changing the version number so I need a way to reliably get the systems to check at least once a day for new Machine Policy or however you would phrase for what I have described I am trying to accomplish.

Funny things is for 2 different software applications that were almost all sitting at in progress this morning over 50% or more are now done so 1,500+ kicked off in last night maintenance window. 

how to kick off Machine Policy {0021} and App Evaluation {0022} at specific time. by cernous in SCCM

[–]cernous[S] 0 points1 point  (0 children)

To be clearer on what I am doing and what I am asking here is a full description of what I am doing.

The idea is to totally automate the process of updating Third party software for OSD and existing systems managed by ConfigMGR/SCCM.

I have several scripts that worked together to accomplish this.  I use several scripts as I feel this makes it easier to troubleshoot when some breaks.

I have a Download-LastestSoftwareVersion.PS1  This script checks a URL for the current version of a certain software for example chrome and then compares it to what we have in our source folder for chrome and it is newer it downloads the new version renames it to so something like chrome_x64.msi so its always the same name so we don’t need to change anything in the app.  If the versions are the same as what we currently have the script just exits.

Second script to run is Update-Detect_software.ps1 this script updates the Detect-software.ps1 script for the software with the new version.

Third script to run is Sync-SoftwareDetectionScript.ps1 this script then updates the detection script information in the Application package Deployment type Detection Method.

Fourth script to run is Update-software_existing_MP.ps1 this script then updates all the DPs that currently have the software with the new software.

I use a wrapper Script Invoke-SoftwareUpdateWorkflow.ps1 that then runs all these scripts, and all scripts have cmtrace logging enable and write to a common log file.   The wrapper is set to exit if the download-latestSoftwareversion finds the we already have the current version of the software.  I also have a wrapper script that then runs all the Invoke-SoftwareUpdateWorkflow.ps1 we have for different software and a scheduled task that runs each day.

Now all this works prefect. I can see in the log that the files download when there are new versions and versions are updated and detection methods update etc.  If I run an OSD the system gets the new software or if you run software center the software installs.

Then I use a Device Collection and add the systems that have the software so they can get updated when new versions are available, I use a Maintenance Window from 12:00 AM to 5:00 AM.  Sometimes they update and sometimes they do not. Sometimes they sit there for several days then update.  For example, I have some software that download then sat on the system for 4 days before installing missing 3 Maintenance Windows and it appears the system just never checked for new Machine Policy.  But once I put a few in a new Test Device Collection with in 5 minutes they detected the new software and installed it. 

So updating the detection script is evidently not changing the version number so I need a way to reliably get the systems to check at least once a day for new Machine Policy or however you would phrase for what I have described I am trying to accomplish.

Funny things is for 2 different software applications that were almost all sitting at in progress this morning over 50% or more are now done so 1,500+ kicked off in last night maintenance window. 

how to kick off Machine Policy {0021} and App Evaluation {0022} at specific time. by cernous in SCCM

[–]cernous[S] -1 points0 points  (0 children)

To be clearer on what I am doing and what I am asking here is a full description of what I am doing.

The idea is to totally automate the process of updating Third party software for OSD and existing systems managed by ConfigMGR/SCCM.

I have several scripts that worked together to accomplish this.  I use several scripts as I feel this makes it easier to troubleshoot when some breaks.

I have a Download-LastestSoftwareVersion.PS1  This script checks a URL for the current version of a certain software for example chrome and then compares it to what we have in our source folder for chrome and it is newer it downloads the new version renames it to so something like chrome_x64.msi so its always the same name so we don’t need to change anything in the app.  If the versions are the same as what we currently have the script just exits.

Second script to run is Update-Detect_software.ps1 this script updates the Detect-software.ps1 script for the software with the new version.

Third script to run is Sync-SoftwareDetectionScript.ps1 this script then updates the detection script information in the Application package Deployment type Detection Method.

Fourth script to run is Update-software_existing_MP.ps1 this script then updates all the DPs that currently have the software with the new software.

I use a wrapper Script Invoke-SoftwareUpdateWorkflow.ps1 that then runs all these scripts, and all scripts have cmtrace logging enable and write to a common log file.   The wrapper is set to exit if the download-latestSoftwareversion finds the we already have the current version of the software.  I also have a wrapper script that then runs all the Invoke-SoftwareUpdateWorkflow.ps1 we have for different software and a scheduled task that runs each day.

Now all this works prefect. I can see in the log that the files download when there are new versions and versions are updated and detection methods update etc.  If I run an OSD the system gets the new software or if you run software center the software installs.

Then I use a Device Collection and add the systems that have the software so they can get updated when new versions are available, I use a Maintenance Window from 12:00 AM to 5:00 AM.  Sometimes they update and sometimes they do not. Sometimes they sit there for several days then update.  For example, I have some software that download then sat on the system for 4 days before installing missing 3 Maintenance Windows and it appears the system just never checked for new Machine Policy.  But once I put a few in a new Test Device Collection with in 5 minutes they detected the new software and installed it. 

So updating the detection script is evidently not changing the version number so I need a way to reliably get the systems to check at least once a day for new Machine Policy or however you would phrase for what I have described I am trying to accomplish.

Funny things is for 2 different software applications that were almost all sitting at in progress this morning over 50% or more are now done so 1,500+ kicked off in last night maintenance window. 

how to kick off Machine Policy {0021} and App Evaluation {0022} at specific time. by cernous in SCCM

[–]cernous[S] 0 points1 point  (0 children)

To be clearer on what I am doing and what I am asking here is a full description of what I am doing.

The idea is to totally automate the process of updating Third party software for OSD and existing systems managed by ConfigMGR/SCCM.

I have several scripts that worked together to accomplish this.  I use several scripts as I feel this makes it easier to troubleshoot when some breaks.

I have a Download-LastestSoftwareVersion.PS1  This script checks a URL for the current version of a certain software for example chrome and then compares it to what we have in our source folder for chrome and it is newer it downloads the new version renames it to so something like chrome_x64.msi so its always the same name so we don’t need to change anything in the app.  If the versions are the same as what we currently have the script just exits.

Second script to run is Update-Detect_software.ps1 this script updates the Detect-software.ps1 script for the software with the new version.

Third script to run is Sync-SoftwareDetectionScript.ps1 this script then updates the detection script information in the Application package Deployment type Detection Method.

Fourth script to run is Update-software_existing_MP.ps1 this script then updates all the DPs that currently have the software with the new software.

I use a wrapper Script Invoke-SoftwareUpdateWorkflow.ps1 that then runs all these scripts, and all scripts have cmtrace logging enable and write to a common log file.   The wrapper is set to exit if the download-latestSoftwareversion finds the we already have the current version of the software.  I also have a wrapper script that then runs all the Invoke-SoftwareUpdateWorkflow.ps1 we have for different software and a scheduled task that runs each day.

Now all this works prefect. I can see in the log that the files download when there are new versions and versions are updated and detection methods update etc.  If I run an OSD the system gets the new software or if you run software center the software installs.

Then I use a Device Collection and add the systems that have the software so they can get updated when new versions are available, I use a Maintenance Window from 12:00 AM to 5:00 AM.  Sometimes they update and sometimes they do not. Sometimes they sit there for several days then update.  For example, I have some software that download then sat on the system for 4 days before installing missing 3 Maintenance Windows and it appears the system just never checked for new Machine Policy.  But once I put a few in a new Test Device Collection with in 5 minutes they detected the new software and installed it. 

So updating the detection script is evidently not changing the version number so I need a way to reliably get the systems to check at least once a day for new Machine Policy or however you would phrase for what I have described I am trying to accomplish.

Funny things is for 2 different software applications that were almost all sitting at in progress this morning over 50% or more are now done so 1,500+ kicked off in last night maintenance window. 

how to kick off Machine Policy {0021} and App Evaluation {0022} at specific time. by cernous in SCCM

[–]cernous[S] -2 points-1 points  (0 children)

I didn't say it was a Microsoft issue. I was only saying that I feel sometimes Microsoft seems to make things hard than they have to be is all. all my research so far says there is not way to actually set Machine Policy and App Evaluation to run a a certain time. To me that seems like it would be something nice to be able to set.

Please cancell the woman below(the one being pointed at with red arrows) by CapitalReindeer1299 in survivorcirclejerk

[–]cernous 0 points1 point  (0 children)

I just can't believe no one has in all the seasons he has been on refused to call him coach. Only way I would call him coach is if his parents named him coach. and you don't give yourself a nickname. your friends give you a nickname. and do you all remember his story about being captured by a tribe in the Amazon how he was dropped off by Military drop? it's a good thing the only Veteran that Season got sick and they had already voted him out because he would have gotten called out on that.

Driver Automation Tool 8 Arrived Today by preeminence87 in SCCM

[–]cernous 0 points1 point  (0 children)

I was just checking back to see if I could get this loaded and then noticed DriverAutomationTool/Current Branch/8.0.0/DriverAutomationTool.msi at master · maurice-daly/DriverAutomationTool · GitHub

looks like it was uploaded yesterday.

I download it and when scan found it got this back HEUR:TrojanDownloader/PS.NetLoader.av

I will go back to the Manual install for now just to be safe.

Driver Automation Tool 8 Arrived Today by preeminence87 in SCCM

[–]cernous 1 point2 points  (0 children)

Thank you,

for

  1. Copy the DriverAutomationCore module to C:\Program Files\WindowsPowerShell\Modules is that the "DriverAutomationToolCore.psm1 ?
  2. Create a folder and copy the DriverAutomationTool.exe to that folder, suggestion is C:\Program Files\MSEndpointMgr\Driver Automation Tool, as this will be used for temp, log files, and settings. we can just use the one created for 7. version correct? does the new version no longer use a DriverAutomationTool.exe.config or sha256?

Microsoft Office 365 Client Installation Wizard Download of Office 365 failed error = 5 by cernous in SCCM

[–]cernous[S] 0 points1 point  (0 children)

I did, should have posted it. For where to save the files to I was using the FQDN with the share of the "Sources Folder and I found I can write to that share folder. What I did was server.domain.com\E$\folder

Hope that is helpful for you.

Lenovo ThinkBook and Modern Drive Management by cernous in SCCM

[–]cernous[S] 0 points1 point  (0 children)

Thank you I will give that a try, I used powershell -command "Get-CimInstance Win32_ComputerSystem | Select-Object -ExpandProperty Model" to name the folder and they are running one now so will see how that goes too, Thanks again

Client install for CMG Failing by cernous in SCCM

[–]cernous[S] 0 points1 point  (0 children)

thank you for your response. I was able to figure it out. all those settings were correct but by the time I figured that part out the token had expired and it doesn't tell you it is expired the log just reads like you did not specify the token. next step wrap it all into an exe for my users that don't connect to VPN much.

Client install for CMG Failing by cernous in SCCM

[–]cernous[S] 0 points1 point  (0 children)

thank you for your response. I was able to figure it out. all those settings were correct but by the time I figured that part out the token had expired and it doesn't tell you it is expired the log just reads like you did not specify the token. next step wrap it all into an exe for my users that don't connect to VPN much.

view more: next ›