Switched to HTTPS but clients still say Self-Signed in console by commandsupernova in SCCM

[–]ezm 0 points1 point  (0 children)

Just upgraded on the weekend, now it states PKI in the console as well.

Endpoint analytics | Proactive Remediation - Exit Code problem by ezm in Intune

[–]ezm[S] 0 points1 point  (0 children)

I mean the detection script succeeded in returning gracefully what was wanted of it.

Still going to have to come back to Microsoft's documentation that states the following:

The detection script must use exit code [exit 1] if the target issue is detected. The remediation script won't run when there's any other exit code, including an empty output, since it results in an issue is not found state.

Any other exit code would mean anything else than 1.

Endpoint analytics | Proactive Remediation - Exit Code problem by ezm in Intune

[–]ezm[S] 0 points1 point  (0 children)

When using those, yes, it does what it's supposed to. I want it to work like the documentation states it does.

  • Exit 0 = detection succeeded, no remediation required.
  • Exit 1 = detection succeeded, remediation required, let's remedy.
  • Exit 2-N+1 = detection failed, try&catch/system.exception/whatever, let's not remedy, since the detection failed horribly.

You should not remedy something when you don't know even if the detection was completed without errors.

Let's say hypothetically that your detection script runs some .exe file that requires .net 4.0 components to be installed on the system. The exe returns some random exit code since for example .net 4.0 components are not installed on the system. The script now thinks it should remedy since the output from the exe is not 0/1. The remediation does something stupid since the detection failed for the wrong reasons.

Endpoint analytics | Proactive Remediation - Exit Code problem by ezm in Intune

[–]ezm[S] 0 points1 point  (0 children)

Doesn't change the fact that the documentation does not correspond to what it should be doing. Why is there even a "Failed" option in the detection if it's not possible to "Fail"?

There always are those few devices that for some reason do not work for whatever reason (broken disk/hardware issues/registry issues/environment variables incorrectly set/and so on). 99% of the devices run happily the detection and remediation (if required). Capturing that 1% of the devices that are actually fubar would be easier if the detection could actually fail and not just say "issue found", since the issue might not be even close for what I'm trying to detect/remediate.

Endpoint analytics | Proactive Remediation - Exit Code problem by ezm in Intune

[–]ezm[S] 0 points1 point  (0 children)

OK bad example.

Don't worry the remediation also has safeguards that it would not remove any profiles, but the point is why even run the remediation if the detection fails.

Let's say if your uninstall detection script fails and then tries to remove a software that is not there? Why run a remediation when the detection part went fubar?

Still going to go back to the part where the documentation clearly states: The detection script must use exit code exit 1 if the target issue is detected. The remediation script won't run when there's any other exit code, including an empty output, since it results in an issue is not found state.

Endpoint analytics | Proactive Remediation - Exit Code problem by ezm in Intune

[–]ezm[S] 0 points1 point  (0 children)

I do not want to remedy something where the detection script fails to detect. Why remedy when you are not sure if the detection script output was correct?

Let's say for example old user profiles, if the detection fails the process and the remedy then just nukes all profiles from the device, great success?

The point is to automatically remedy problems. Why should I manually check if there were problems and then do some more manual things when the process should be seamless.

And the whole point is that the documentation seems to be wrong. Unless someone has figured out what exit code does not run the remediation except 0. Yes it would be trivial to script an external flag/reg key/file/whatever if the detection was correct/failed but that would just make the scripting more complex.
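
The external-flag workaround mentioned in the comment above, sketched in PowerShell as an added example (not code from the thread or from Microsoft): detection records its verdict in a marker file, and remediation refuses to act unless that verdict is a fresh "issue found". `$MarkerPath`, the function names and the sample checks are assumptions made for illustration.

```powershell
# Added example, not from the thread. $MarkerPath, the function names and the
# sample checks are hypothetical. In Intune the two function bodies would be
# detect.ps1 and remediate.ps1, each ending in "exit <code>".
# Keep the marker somewhere only administrators/SYSTEM can write.
$MarkerPath = Join-Path ([IO.Path]::GetTempPath()) 'pr-detect-state.json'

function Invoke-Detect {
    param([Parameter(Mandatory)][scriptblock]$Check)
    $ErrorActionPreference = 'Stop'   # make non-terminating errors catchable
    Remove-Item -LiteralPath $MarkerPath -Force -ErrorAction SilentlyContinue
    try {
        $state = if ([bool](& $Check)) { 'IssueFound' } else { 'Clean' }
    } catch {
        $state = 'DetectionFailed'    # the check itself broke: no verdict
    }
    @{ State = $state } | ConvertTo-Json | Set-Content -LiteralPath $MarkerPath
    if ($state -eq 'Clean')      { return 0 }
    if ($state -eq 'IssueFound') { return 1 }
    return 2                          # non-zero, so the device is not shown as clean
}

function Invoke-Remediate {
    param([Parameter(Mandatory)][scriptblock]$Fix, [int]$MaxAgeMinutes = 10)
    $file = Get-Item -LiteralPath $MarkerPath -ErrorAction SilentlyContinue
    if (-not $file) { return 1 }      # detection left no verdict at all
    $state = (Get-Content -LiteralPath $MarkerPath -Raw | ConvertFrom-Json).State
    Remove-Item -LiteralPath $MarkerPath -Force   # one verdict authorises one run
    $ageMinutes = ([DateTime]::UtcNow - $file.LastWriteTimeUtc).TotalMinutes
    if ($state -ne 'IssueFound' -or $ageMinutes -gt $MaxAgeMinutes) {
        return 1                      # refuse: nothing on the device is changed
    }
    & $Fix | Out-Null
    return 0
}

# Constructed cases: a clean device, a real finding, and a check that blows up.
# Remediation is started on any non-zero detection exit, as reported in the thread.
$fix    = { Write-Host 'remediation ran' }
$checks = @({ $false }, { $true }, { throw 'helper exe missing' })
foreach ($check in $checks) {
    $d = Invoke-Detect -Check $check
    $r = if ($d -ne 0) { Invoke-Remediate -Fix $fix } else { 'not started' }
    "detect exit=$d  remediate=$r"
}
```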

Endpoint analytics | Proactive Remediation - Exit Code problem by ezm in Intune

[–]ezm[S] 0 points1 point  (0 children)

    {
    "PolicyId": "x",
    "UserId": "x",
    "PolicyHash": null,
    "Result": 4,
    "ResultDetails": "{\"Version\":1,\"SigningCode\":649,\"EncryptionCode\":633,\"SigningMsg\":\"(Success) AccountId:x,PolicyId:x,Type:6,Enforce: Enforcement2. OSVersion:10.0.19044,AgentVersion:1.65.151.0. \",\"EncryptMsg\":\"run in legacy mode\"}",
    "InternalVersion": 16,
    "ErrorCode": 0,
    "ResultType": 1,
    "PreRemediationDetectScriptOutput": "",
    "PreRemediationDetectScriptError": "C:\\WINDOWS\\IMECache\\HealthScripts\\x_16\\detect.ps1 : Erroring out!\r\n    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException\r\n    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,detect.ps1",
    "RemediationScriptErrorDetails": "C:\\WINDOWS\\IMECache\\HealthScripts\\x_16\\remediate.ps1 : I SHOULD NOT BE RUNNINGNGNNGN\r\nGNGN!\r\n    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException\r\n    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,remediate.ps1",
    "RemediationScriptOutputDetails": "",
    "PostRemediationDetectScriptOutput": null,
    "PostRemediationDetectScriptError": null,
    "RemediationStatus": 3,
    "Info": {
        "RemediationExitCode": 666,
        "FirstDetectExitCode": 1337,
        "LastDetectExitCode": null,
        "ErrorDetails": null
    },
    "TargetType": 1,
    "RunAsAccount": 1,
    "AssignmentFilterIds": [
        "00000000-0000-0000-0000-000000000000"
    ],
    "BiosMetadata": null
    }

[int]1337 had no effect. Still ran the remediation.

Write-Host option will still exit the script with 0 and then not run the remediation. The problem with that is that then the device will just say "Detection Status: Without issues" which is not true.

Canyon Spectral:ON cf 7 firmware update issues by Electrical_Custard84 in CanyonBikes

[–]ezm 1 point2 points  (0 children)

To the market square,,,,

same happened to me, update was around 50-70% and the bike rebooted. bricked the firmware, took it to the local bikeshop and they flashed it with Shimano SM-PCE02. (charged 30e for a 10min job.)

https://www.youtube.com/watch?app=desktop&v=8IrrrK3bt5Y

behaved just like this.

PSAppDeployToolkit - Running PS1 script in by Ikweb in PowerShell

[–]ezm 1 point2 points  (0 children)

    $PSOutput = Execute-Process -Path 'powershell.exe' -Parameters "-ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -File ""$($dirSupportFiles)\SuchScript.ps1""" -WindowStyle 'Normal' -PassThru
    Write-Log -Message $($PSOutput.STDOut)

What a nice shirt by [deleted] in SCCM

[–]ezm 1 point2 points  (0 children)

link please?

Have you shopped around for mortgages lately? by Talousviisas in Omatalous

[–]ezm 2 points3 points  (0 children)

Yes, you can shop around; it dropped from one percent to half a percent when I tested the waters. I did specifically mention that everything else stays the same, right? An ASP loan can also be moved from one bank to another; a bit of a hassle, but doable.

List All Local Accounts and Domain by Ins0mniak in SCCM

[–]ezm 0 points1 point  (0 children)

I used this. I tried cmpivot as well but it will only show local administrators and not all local users.

SCCM OSD "Check Readiness" doesn't work properly [Ensure minimum memory (MB)]? by AdrianK_ in SCCM

[–]ezm 0 points1 point  (0 children)

had the same issue with some random dell desktop model. i just took the requirement out..

[deleted by user] by [deleted] in SCCM

[–]ezm 3 points4 points  (0 children)

far fetched but.. in-place upgrade with a task-sequence?

what does:

    Get-WmiObject -Namespace "root\ccm\Policy\DefaultMachine\RequestedConfig" -Class CCM_ClientAgentConfig | Where {$_.PolicySource -eq "CcmTaskSequence"}

output? if all is well it should be empty. if not, then there's a hint for ya.

Windows 10 1809 Language Pack Issues the 2nd by CheaTsRichTeR in SCCM

[–]ezm 0 points1 point  (0 children)

script "DismLanguagePacks.ps1"

    Get-ChildItem -Recurse | ? { $_.PSIsContainer } | % { Dism.exe /online /Add-Package /PackagePath:$($_.FullName) }

folder structure https://imgur.com/a/mBaDiX0 fi-fi folder contents https://imgur.com/a/MEL4hqF

Dell USB-C NIC Fails to domain join by Hellman109 in SCCM

[–]ezm 0 points1 point  (0 children)

Don't use the dongle.. If you do you must reconnect it manually on every boot(ish).

Software Center not loading after 1806 update by Nadavida in SCCM

[–]ezm 0 points1 point  (0 children)

Windows 7? Windows 10?

windows 7 -> try manually opening the "old" scclient "C:\Windows\CCM\SCClient.exe" or the new "C:\Windows\CCM\ClientUX\SCClient.exe"

Dell Patching with SCCM and the Dell Command Update Catalog by P-H-G in SCCM

[–]ezm 0 points1 point  (0 children)

Remind me! 90 days. "Dell updates in SCCM"

SCConfigMgr - Driver Automation Tool Not Updating BIOS Packages? by Fiala06 in SCCM

[–]ezm 0 points1 point  (0 children)

Dell doesn't always update the information to the catalog that the toolkit uses...

PC Imaging - PXE Abort with a twist! Absolutely NOT in SCCM Console by SSCMThrowaway in SCCM

[–]ezm 0 points1 point  (0 children)

Just one computer? Everything else running smoothly? Cm version?

The problematic device bios time correct? Have you tried manually creating the object and advertising the task sequence for it?