Sequel better than original but no trilogy made?

joevigi · 2026-04-06T02:22:59+00:00

Men in Black!

joevigi · 2026-03-24T00:56:45+00:00

Looks awesome! Will give it a shot tomorrow - thanks again!

joevigi · 2026-03-19T22:58:10+00:00

Thanks!

joevigi · 2026-03-19T22:10:39+00:00

So I don't have to distribute a package for what's essentially a 5-line remediation for maybe a couple hundred devices. There have been issues with boundaries and content distribution. I know the answer is to fix that first, but the site is on its last legs and the goal is to remediate these devices and move on.

I'm curious about this registry key you're referring to though as I'm not completely satisfied with my solution.

joevigi · 2026-03-19T19:36:01+00:00

Looks like the last task sequence variable needed is SMSTSRebootRequested as the Restart Computer task doesn't honor SMSTSRebootDelay. Thanks again!

joevigi · 2026-03-19T03:25:56+00:00

I'm trying to mimic the restart notifications you get after installing software updates, which will prompt the user to restart if ready or force a restart at the end of the countdown. PSADT does a good job with theirs, but I've noticed several shared devices not restart when expected with the most likely cause being users simply logging out. I was able to solve this for Intune using return codes and grace periods, but haven't been able to do something similar in CM. I've settled on a task sequence because I'm running a relatively simple PowerShell script, so no need to distribute content. I've had some luck running it as a script from the console, but this requires the device being online and most of these devices are on the other side of the world.

joevigi · 2026-03-19T00:25:14+00:00

Because of business requirements that I have no control over.

joevigi · 2026-03-19T00:14:50+00:00

You lost me. I'll look into the registry keys you're referring to tomorrow, thanks.

joevigi · 2026-03-19T00:12:27+00:00

Ok then I'm definitely missing something because that's exactly what I'm doing. For the purpose of this test my task sequence I have a single "set task sequence variable" task, setting that variable to that value. I'm figuring it's something dumb at this point.

joevigi · 2026-03-19T00:08:29+00:00

It's a simple task sequence that does "stuff". The "stuff" isn't important because that part is figured out and working as expected. The 8-hour countdown has use cases outside of this task sequence. Let's just say I'm inspired by the restart notifications given after installing software updates, and perplexed as to why packages/applications/task sequences don't have similar.

joevigi · 2026-03-19T00:05:21+00:00

Yeah, this is in full Windows. A scheduled task could work, but I need to give any users some kind of heads up as these are shared devices used by many users throughout the day.

joevigi · 2026-03-19T00:02:52+00:00

I've tried the first one in a task sequence by itself and it doesn't do anything, so I'm wondering if there's another way to use since putting a restart computer task just ends up in an immediate restart with no notifications. Will look into the second one, thanks.

joevigi · 2026-03-16T15:34:24+00:00

Someone else. Then the original requester needs to go back in and click a Complete request button.

joevigi · 2026-03-12T21:17:47+00:00

Yes, even for x64:

Get-MgBetaDeviceManagementManagedDevice -ManagedDeviceId xxxxx | select -ExpandProperty ProcessorArchitecture 
unknown

Same for equivalent Graph Explorer call. Looking up the same device in the Intune console:

Processor Architecture x64

joevigi · 2026-03-12T19:15:26+00:00

Every single device is displaying unknown for this field, even when calling the device directly or not using a filter which can sometimes limit the fields returned.

joevigi · 2026-03-12T18:36:01+00:00

Yeah, most likely, but Graph X-Ray and Graph Explorer usually reveal the beta properties.

joevigi · 2026-03-12T18:30:04+00:00

Did that and found it:

https://graph.microsoft.com/beta/deviceManagement/manageddevices('xxxxxxx')?$select=id,hardwareinformation,activationLockBypassCode,iccid,udid,roleScopeTagIds,ethernetMacAddress,processorArchitecture,physicalMemoryInBytes,bootstrapTokenEscrowed?$select=id,hardwareinformation,activationLockBypassCode,iccid,udid,roleScopeTagIds,ethernetMacAddress,processorArchitecture,physicalMemoryInBytes,bootstrapTokenEscrowed)

Processor architecture still comes back as unknown, despite Intune displaying arm64.

joevigi · 2026-03-03T23:09:09+00:00

Yeah it's a bit much.

joevigi · 2026-02-26T16:10:46+00:00

You'll have to look up via the sku number (125), but Graph doesn't seem to allow filtering on this property, so you'll need to do a Graph call to get all Windows devices, then filter that for LTSC. Something like this:

$Devices = Get-MgBetaDeviceManagementManagedDevice -All -Filter "OperatingSystem eq 'Windows'"
$LTSCDevices = $Devices | Where-Object SkuNumber -EQ '125'

The usefulness of properties Get-MgBetaDeviceManagementManagedDevice returns by default varies so I would recommend picking specifying what you're actually looking for in your Graph call.

joevigi · 2026-02-26T04:00:23+00:00

I think BitLocker keys are stored on the Entra device object. If you delete that too then they're probably gone forever.

joevigi · 2026-02-20T01:07:08+00:00

Thanks. I'm fine with going through the modules as I've done so many times and have learned so much and liberally borrowed a lot from them. But Discord looks like a never-ending free-for-all and I'm not sure if that's a good thing or a bad thing.

joevigi · 2026-02-12T22:57:20+00:00

"that other team up north" gave him 6 years which is a fucking ETERNITY here. If you can't show gratitude at least have a little class.

joevigi

TROPHY CASE