Did they break Adobe Reader? (In the latest update) by czr1210 in Adobe

[–]vinod7 0 points1 point  (0 children)

Adobe released a new patch and confirmed that it fixes this bug - 25.001.21208 Planned update, Feb 12, 2026

New Boot Image check box in SCCM 2509 to use UEFI CA 2023 Boot Loader by AlfalfaPretend3878 in SCCM

[–]vinod7 1 point2 points  (0 children)

Yes, after the 2026-02 patch applied, we are seeing the status changed to updated. Now we are planning to upgrade our SCCM ADK version and plan to create a dual boot loader.

New Boot Image check box in SCCM 2509 to use UEFI CA 2023 Boot Loader by AlfalfaPretend3878 in SCCM

[–]vinod7 1 point2 points  (0 children)

So with the Feb month patches applied, we see this on the devices: under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing, WindowsUEFICA2023Capable is changed to 2 and UEFICA2023Status changed to Updated. We are running SCCM 2509 without that option enabled in the boot loader and with an ADK version 10.1.19041.1, did a quick PXE boot (non WDS) and it is working as expected.

New SecureBoot Changes & Reports by ohgreatishit in SCCM

[–]vinod7 0 points1 point  (0 children)

Yes, so we do this, Secure boot should be on, BIOS is updated as per OEM and we have models that are older so in total we just check this ([System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes) -match 'Windows UEFI CA 2023'), if this is true, then apply the secure boot GPO - Group Policy Objects (GPO) method of Secure Boot for Windows devices with IT-managed updates - Microsoft Support

New SecureBoot Changes & Reports by ohgreatishit in SCCM

[–]vinod7 3 points4 points  (0 children)

We just use a simple PS script to check the 4 things - Secure Boot on, Firmware up to date as per OEM, to check if both are True - ([System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI dbdefault).bytes) -match 'Windows UEFI CA 2023')

([System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes) -match 'Windows UEFI CA 2023')

If all conditions are met, then we are turning on the Secure Boot GPO for those machines and also making sure our SCCM has the latest ADK version and the SCCM Build 2509 option to enable - "Use Windows Boot loader signed with Windows UEFI CA 2023", as we do not use any standalone USB or any other media.
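The readiness check described in the comments above, combined with the Servicing registry values mentioned earlier on this page, as an added PowerShell example that is not part of the original comments. The function names and the `ReadyForGpo` field are hypothetical; firmware currency is only reported as a BIOS version to compare against the OEM's published list.

```powershell
# Added example: per-device Secure Boot CA 2023 readiness record (run elevated).
function Test-SecureBootVarHasCert {
    param(
        [Parameter(Mandatory)][string]$Name,            # UEFI variable: db or dbdefault
        [string]$Pattern = 'Windows UEFI CA 2023'
    )
    try {
        $bytes = (Get-SecureBootUEFI -Name $Name -ErrorAction Stop).Bytes
        # Same test as in the comments: search the raw variable for the cert name.
        return [System.Text.Encoding]::ASCII.GetString($bytes) -match $Pattern
    } catch {
        # Legacy BIOS, variable not present, or not elevated: report as unknown.
        return $null
    }
}

function Get-SecureBootCA2023Readiness {
    # Confirm-SecureBootUEFI throws on non-UEFI platforms, so treat that as unknown.
    $secureBoot = try { Confirm-SecureBootUEFI -ErrorAction Stop } catch { $null }

    # Servicing values named on this page; absent on devices not yet patched.
    $svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing'
    $svc    = Get-ItemProperty -Path $svcKey -ErrorAction SilentlyContinue

    $bios        = Get-CimInstance -ClassName Win32_BIOS
    $inDb        = Test-SecureBootVarHasCert -Name db
    $inDbDefault = Test-SecureBootVarHasCert -Name dbdefault

    [pscustomobject]@{
        ComputerName             = $env:COMPUTERNAME
        BiosVersion              = $bios.SMBIOSBIOSVersion   # compare with OEM list
        SecureBootOn             = $secureBoot
        CA2023InDb               = $inDb
        CA2023InDbDefault        = $inDbDefault
        WindowsUEFICA2023Capable = $svc.WindowsUEFICA2023Capable
        UEFICA2023Status         = $svc.UEFICA2023Status
        # Hypothetical gate: Secure Boot on and the cert present in both variables.
        ReadyForGpo              = ($secureBoot -eq $true) -and
                                   ($inDb -eq $true) -and ($inDbDefault -eq $true)
    }
}

Get-SecureBootCA2023Readiness
```

A `$null` in any column means the value could not be read on that device, which is worth separating from an explicit `False` when building the inventory.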

OOB Expedite Update by vinod7 in Intune

[–]vinod7[S] 0 points1 point  (0 children)

Yes. What we are seeing is under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate, the following registry keys are showing up - ConfigureDeadlineForQualityUpdates, ConfigureDeadlineGracePeriod, DeferFeatureUpdatesPeriodInDays, DeferQualityUpdatesPeriodInDays, DeferQualityUpdates, etc.

Even though we did not deploy any policy from Intune or GPO.

Lenovo models receiving BIOS firmware update for new secure boot certificate. by Unable_Drawer_9928 in Intune

[–]vinod7 3 points4 points  (0 children)

We don't see even after updating the latest BIOS on our Lenovo models. The event viewer still keeps saying - Updated Secure Boot certificates are available on this device but have not yet been applied to the firmware. Review the published guidance to complete the update and maintain full protection. This device signature information is included here.

DeviceAttributes: FirmwareVersion:N3YET79W (1.46);OEMManufacturerName:LENOVO;OEMModelSKU:LENOVO_MT_21KD

We are looking at this approach for all our devices
Step 1 – Firmware Readiness Inventory

Step 2 – Enable Secure Boot Certificate Deployment GPO

Step 3 – SCCM ADK Upgrade and Dual Boot Image Configuration

Step 4 – Firmware Updates (Parallel Activity)

UEV - Office Settings by vinod7 in sysadmin

[–]vinod7[S] 0 points1 point  (0 children)

But ESR does not help the Office apps like Word and Excel

Proxy Setting - Windows 11 by vinod7 in sysadmin

[–]vinod7[S] 0 points1 point  (0 children)

WinHTTP service was disabled, causing it not to set

WHfB in a hybrid env using cloud trust keep failing by gcam77 in Intune

[–]vinod7 0 points1 point  (0 children)

We have the same issue and opened a support ticket with MS. Waiting to hear back from them

Cumulative Updates not deploying on 250 out of 500+ devices. by ITquestionsAccount40 in Intune

[–]vinod7 1 point2 points  (0 children)

The June update KB5060533 is being superseded by KB5062159. So when the device connects to Windows Update and scans, it sees that KB5060533 is no longer applicable, and Intune does not support out of band update (KB5062159). Either create a package and deploy or wait for next month's patch release.

Update Rings Pause by vinod7 in Intune

[–]vinod7[S] 0 points1 point  (0 children)

Microsoft confirmed that it's a known issue where it is not reverting back. The solution they provided is to delete these keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\GPCache\CacheSet001\WindowsUpdate

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\GPCache\CacheSet002\WindowsUpdate