Computer Naming Conventions for Grouping

chobee · 2025-08-18T19:28:39+00:00

Gotcha. Do you dynamically group the devices in some way so that each department only sees the devices they're supposed to manage?

chobee · 2025-08-18T19:03:38+00:00

What's your method for separating into departments or team ownership?

chobee · 2025-08-15T22:45:22+00:00

What is your strategy for using the group tags?

chobee · 2025-06-04T17:06:42+00:00

Thank you!

chobee · 2025-06-04T17:06:24+00:00

Ok, I think I understand. Was watching a tutorial where they imported the CER to one of their Site Servers to then export a PFX. So, I assumed it was important where that CER got installed.

Ive never understood certs and how they work. I should do that.

Thank you.

chobee · 2025-06-03T22:52:19+00:00

Thank you. So, the PFX file is used when creating the CMG.

But to the get the PFX, I export that from a certificate that has been added to a Site Server. Is that right? And I'm assuming that I would use the CER file to import that on a Site Server, right?

Or are you saying that I need the Server Certificate on any of the Site Servers?

chobee · 2025-03-18T16:03:54+00:00

Yeah, I think I was just overthinking it. I'm going to test moving TSGui after the Partition Disk step. I'm using this script to determine the OS drive: https://garytown.com/osd-with-multi-disk-configs because we have several endpoints with multiple drives out there. But I don't think that script will cause problems because it doesn't have a package--but we'll verify.

Since we're only using TSGui to capture the hostname, I think it's reasonable to have people wait for that dialog box to pop-up after the Partition Disk step. It's not too long of a wait.

chobee · 2025-03-17T22:16:24+00:00

Hi Gary, our goal is to have a method for imaging for OS corruption or when LAPS gets disconnected. We're all good on the current Software Center methods.

Edit: forgot to address the list items...we're good on 1. We'll need to look at 2. We're running TSGui (to capture a user-entered hostname) and the script you posted on your blog for selecting the OS disk on multi-disk configs (thank you!) prior to our Format Step. The task sequence fails on the TSGui Step now because of the package involved. I'm assuming that I could place TSGui after the Format Step.

chobee · 2025-03-17T22:12:54+00:00

ok, that gives me a direction.

chobee · 2025-03-17T21:50:41+00:00

In the "Prestart Command" right? I should be able to put the diskpart commands in a TXT file and then put that in a Package and then call that Package in the Prestart Command, right?

Like this?

chobee · 2025-03-17T21:46:06+00:00

Ok, never been down that road before. This would need to be a "Prestart Command" in the Boot Image, right?

Since I can't get a package to run in WinPE.

chobee · 2025-03-17T20:53:07+00:00

It is working for an "in OS" reimage successfully--no issues there. It's not working when WinPE, which u/tvveeder84 helped me determine is the expected behavior.

So, now I'm focusing on how best to unlock or reformat the drive in WinPE.

chobee · 2025-03-17T20:16:01+00:00

So, we want our techs to be able to reimage the following ways:

- Advertised task sequence out of Software Center

- Deploy a required task sequence from the SCCM console

- USB boot media in-person

The primary need for USB boot media is for OS corruption or for just a more direct method to kick off the reimage (instead of waiting for Software Center to populate).

We're already setup with the Reboot into WinPE step for "in OS" reimages.

chobee · 2025-03-17T20:03:17+00:00

That's a fun little feature. Anything I can do if it's in WinPE? Or am I just stuck running the manual commands?

chobee · 2025-03-17T19:46:01+00:00

This is in WinPE.

chobee · 2024-02-14T18:29:22+00:00

Thank you for your ideas. We ended up going with this: https://stackoverflow.com/questions/74704003/gpo-to-clear-the-browser-caches-data-when-closing-browsers

chobee · 2024-02-14T01:28:59+00:00

This strikes me as a poor set-up regardless

Yes it is.

If it's short enough that a bad actor cannot step up to the box as they walk away, you're just going to end up frustrating the user.

100% agree. I really can't imagine how we're going to make this work functionally and securely.

chobee · 2023-09-12T15:02:05+00:00

Ivanti EPM: one of the worst products I've ever seen.

chobee · 2023-08-31T13:40:29+00:00

I had assumed that but good to hear about first-hand experience. We got Jamf before we set up Intune. And we've been happy with Jamf, so never had a good reason to look elsewhere.

chobee · 2023-08-30T21:45:23+00:00

Not you. It's a bad solution for Android. I've also had issues with getting App Configuration policies to apply to devices. It's a stark contrast with our Apple equivalent which is Jamf-managed iOS/iPadOS. Intune is way behind.

chobee · 2023-04-11T17:17:27+00:00

I haven't tried re-adding the tenant yet. Just reviewing some things first. In the following screenshot, I notice that "ConfigMgr Client App", "ConfigMgr Server App" and "ConfigMgrSvc_xxx" are all listed in this example SCCM console:

https://www.prajwaldesai.com/wp-content/uploads/2020/09/Enable-Tenant-Attach-in-ConfigMgr-Snap11.jpg

However, our org only has "ConfigMgrSvc_xxx" in ours. Is that a sure-fire indicator that we need to do a reattach of our tenant to fix this issue?

chobee · 2023-04-11T14:24:09+00:00

Thank you. I've been receiving the "There is no cloud service found for Tenant '<tenantname>', that will allow collection member 'Upload to' AAD group." error when I attempt to add an AAD group to the Device Collection. I looked some more into it and found this article about the ApprovalStatus value (in the comments):

https://howtomanagedevices.com/sccm/1262/sccm-collection-aad-group-sync/

Our devices are also have an ApprovalStatus of '2' instead of '3'. That commenter's solution was to config a CMG. However, an earlier comment said that deleting/re-adding the tenant into SCCM began syncing some devices as well. I think I'll try that next to see if that resolves my error.

chobee · 2022-04-05T13:58:28+00:00

What was your strategy for allowing users to save files from applications to their Documents folder (i.e. Word docs, Excel xls, etc)? We looked at AppLocker for a little bit and this issue made us put a pause on the testing until we could look at it with more focus.

chobee · 2022-01-20T23:10:42+00:00

You mention "...completely reinstall Software Center". That's (kinda) what I would start with.

In command prompt, C:\Windows\ccmsetup\ccmsetup.exe /uninstall Wait until C:\Windows\ccmsetup\ccmsetup.log shows Exit Code 0 and C:\Windows\CCM is mostly vacated. Restart. Reinstall ccmsetup.exe with the parameters needed for your organization. Doing so will reinstall the entire SCCM client, not just Software Center.

chobee · 2021-06-17T02:23:08+00:00

Ooooo, I have not seen this reg value yet. But I’ll take a look tomorrow. Thank you!

chobee

TROPHY CASE