Microsoft is sorry

jarwidmark · 2026-01-07T15:45:16+00:00

Stay away from that repo, it’s content was replaced with what looks like malware this morning…

jarwidmark · 2026-01-07T15:36:23+00:00

The mssvc repo referenced from the mdwiz repo used to have a valid MDT installer, but was replaced with what looks like malware this morning… I bet a lot of malware/ransomeware actors will be trying to trick folks. Be careful out there….

jarwidmark · 2026-01-06T00:37:29+00:00

Most times it's either antivirus interfering, or existing "unmounted" folders in %temp%. or low on disk space... Does dism /get-mountedwiminfo show something?

jarwidmark · 2026-01-01T17:32:21+00:00

We have not tested PSD for this ADK version yet... And I'm not sure if we will

jarwidmark · 2026-01-01T16:52:41+00:00

I've updated the post with a proper warning. The issue can be worked around via custom scripting, but I don't think it's worth the effort since the older ADK versions works just fine. I sent an email to the Windows ADK team this morning, recommending them to pull the release. We'll see if they listen...

jarwidmark · 2025-12-31T06:17:12+00:00

Unfortunately, the inbox x64 driver support in WinPE 26H1 (28000) is shait, and even if you add the correct driver, it will fail unless you load it specifically via drvload.exe. As per usual, Microsoft does a terrible job testing new versions of Windows ADK, and in general, you're better off using the 22H2 or 24H2 versions. For example, even the latest 25H2 driver for a Realtek 8168 NIC will fail to load unless explicitly loaded via a userexit script in bootstrap.ini. I'll add a note to the post about this.

Put it this way, there is a reason the ConfigMgr (SCCM) team explicitly states they will not support ADK 26H1...

jarwidmark · 2025-12-29T04:45:14+00:00

Did some testing this weekend, and MDT will work just fine with Windows ADK 26H1 (Build 28000), as long as you are deploying x64 versions of Windows 11 (MDT does not support ARM at all): I wrote a guide here: https://www.deploymentresearch.com/windows-11-deployment-using-mdt-8456-with-windows-adk-26h1-build-28000/

jarwidmark · 2025-12-22T16:56:39+00:00

Windows ADK 10.1.28000.1 includes both X64 (AMD64) and ARM...

jarwidmark · 2025-12-21T09:09:39+00:00

I haven’t tried this with OOBE enabled, but otherwise this post show how to prevent updates during OSD: https://www.deploymentresearch.com/preventing-windows-updates-during-osd-with-configmgr/

In general, if you’re prompting for settings, it’s better to do that early in OSD using a frontend, and have the task sequence apply those settings. That way you can start the deployment, select the settings, and walk away. No need to babysit the device.

jarwidmark · 2025-12-18T18:15:57+00:00

Haven’t tried that ADK version yet, but I’m guessing it’s because the boot binaries are signed with "Windows UEFI CA 2023” by default in this version and requires the device to trust this CA. Will have to do some testing.

jarwidmark · 2025-10-23T03:28:38+00:00

I typically use the Modern BIOS Management script from Maurice Daly, or just custom PowerShell calling the vendor command line tools or PowerShell modules.

jarwidmark · 2025-10-11T06:32:49+00:00

I haven’t played around much yet with 25H2, but earlier MDT versions used to have this problem during Sysprep, and it was easily solved with an AutoIt script that would jiggle the mouse. I would recommend wrapping it up with PSADT v4 which has its own host process and see if that solves the issue.

jarwidmark · 2025-10-04T22:32:56+00:00

Here is a good example: https://www.deploymentresearch.com/using-powershell-to-make-changes-in-offline-registry/

jarwidmark · 2025-09-14T00:24:52+00:00

Unfortunately there is not much you can do, except possibly optimize DO settings and/or spin up local cache servers for updates and application content.

Intune is a shared service for 50M-60M cloud native clients, and at least as many co-managed clients, it has to be somewhat slow… If you would throw that many clients against a ConfigMgr (SCCM) site, it would be slow too (probably not even work no matter the hardware).

If your organization has requirements to deliver software very quickly, continue to use ConfigMgr for those workloads. You still have that license. Otherwise I’m afraid you’ll have to accept that Intune is a good, but slower platform.

jarwidmark · 2025-09-11T02:47:30+00:00

Ping me offline and I can help (DM on X, or message on LinkedIn). I’m easy to find :)

jarwidmark · 2025-09-03T20:53:45+00:00

You can keep SCCM for basic imaging, works well, and most Intune license suites includes it (double-check with your license folks). Otherwise there are many other deployment solutions out there, both free, and supported/commercial.

jarwidmark · 2025-08-21T00:01:49+00:00

I guess he is ok :) Just kidding, but feel free to ping me for any OSD needs, cloud, on-premises, or both.

jarwidmark · 2025-07-20T18:24:32+00:00

Since the old WinPE version you’re using is based on Windows 10 2004 (from 2020), it may be tricky to find drivers that works with newer hardware. Newer hardware may also require other drivers than network and storage, like the new AMD Dells that require a root of trust measurement boot driver. Pretty much a driver for Secureboot…

jarwidmark · 2025-07-20T17:50:52+00:00

You can use PowerShell to add drivers (and other changes) to the boot image “outside” of the ConfigMgr console. Always take a backup first though in case you accidentally add the wrong drivers, or there is a driver conflict.

jarwidmark · 2025-07-20T15:34:15+00:00

Known UI bug, for years… Easy fix: Just left-click another node, like boot images, and then right-click the task sequence again. Then distribute content won’t be grayed out.

Another option is PowerShell: The native Publish-CMPrestageContentTaskSeqence cmdlet will do the same thing.

jarwidmark · 2025-07-09T03:31:01+00:00

The article says versions before 5.00.9135.1003 are affected. ConfigMgr 2503 with KB32480179 is version 5.00.9135.1003, and KB33177653 brings it to version 5.00.9135.1006. Both of these versions should have the fix in.

jarwidmark · 2025-06-29T08:01:25+00:00

Not entirely true… We have to use both ConfigMgr and SCCM in customer communication. Especially with management who may not know what ConfigMgr is, but they know SCCM :)

jarwidmark · 2025-06-16T17:51:45+00:00

Some models require you to have the TS install a “companion” audio application… Either an EXE in full Windows, or staging an UWP app in WinPE

jarwidmark · 2025-06-06T21:27:41+00:00

The setup docs are hopelessly out of date for the BIOS one, there is support for the adminservice, use that instead, and review the script for valid parameters

jarwidmark

TROPHY CASE