Featured Article

Use Intune Policy CSP manage Windows 10 settings – Internet Explorer Site to Zone Assignment List

For start, I was actually testing ConfigMgr cloud gateway management and Client Installation over Internet, see this post https://blogs.technet.microsoft.com/arnabm/2017/08/27/client-installation-over-internet/ I did managed install ConfigMgr client on AAD joined Windows 10 (version 1709), but I also want configure some Internet Explorer settings to my AAD joined device. Since Windows 10 (version 1703), we can use Intune Policy CSP to… Read More »

Featured Article

SCCM with iPXE UEFI boot without WDS server

This is a long post….hope you have energy to read. 😀 Dell has a really nice post about How to configure PXE booting over UEFI without using Server 2012 and Windows Deployment Services, you can read this here. In that post, sample is MDT. I am going to do a SCCM scenario. You can watch this video see… Read More »

Extend Enterprise Mobility + Security E5 trial license

I am sure many of us are using trial licenses of Intune or EMS, once your trial license is expired, you can extend it for another 30 days. You should do it immediately when your trial is expired, because this 30 days starts to count when trial is expired, so if you don’t go click on Extend you… Read More »

How to query Infineon firmware TPM (Microsoft Advisory ADV170012) in ConfigMgr

If you don’t know what is this about, you must read this https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012 Additional, in this article https://support.microsoft.com/en-us/help/4046783/bitlocker-mitigation-plan-for-vulnerability-in-tpm, it said  When TPM-based protector is used to protect the operating system volume, the security of the BitLocker protection is affected only if the TPM firmware version is 1.2. But the script what Microsoft provided doesn’t include detection if TPM… Read More »

Use PowerShell detect if Lenovo laptop is attached docks

Big thanks for Joe Parker (@joe_lenovo) gave us PnP ID of Lenovo ThinkPad Pro/Ultra docks. ThinkPad Pro dock 40A1: USB\VID_17EF&PID_1012 ThinkPad Ultra 40A2: USB\VID_17EF&PID_1010   This a simple PowerShell script for detect if Lenovo laptops are attached to dock station, includes mechanical Lenovo ThinkPad docks and Lenovo USB 3.0 Pro/Ultra docks. 

or:

 

Windows 10 Upgrade won’t continue after reboot

Ran into a problem today, during windows 10 inplace upgrade, machine didn’t continue upgrade after reboot, it was about 70% of the update, machine shutdown and won’t restart again. Trouble shooting… yes I did find where is the issue. Because I have tested my Task Sequence like hundred times, I know what steps are 100% work and what… Read More »

Devices Management: Azure AD Join vs. Azure AD Device Registration vs. Domain Join

For start, please read this article https://blogs.technet.microsoft.com/trejo/2016/04/09/azure-ad-join-vs-azure-ad-device-registration/, there are details regarding these matters. So why am I writing these? As an IT professionals, we can read those technical articles, understand like MDM, MAM, ConfigMgr/SCCM, AAD, GPO, but customers don’t. When customer wants a device management solution, they often ask “What kind of devices management you can offer?” or… Read More »

How to set up Azure AD self-service password reset (Cloud SSPR)

I am happily notice this new feature of Windows 10 Insider preview: Recover pin and password from the lock screen. https://blogs.windows.com/windowsexperience/2017/07/13/announcing-windows-10-insider-preview-build-16241-pc-build-15230-mobile/ Recover your pin and password from the lock screen:  Self Service solutions empower end users, unburden helpdesk/IT admins, and save organizations money. Cloud Self Service Password Reset (Cloud SSPR) has been a really popular Azure AD Premium… Read More »

First step into the “Cloud”

It has been a while since I last time use any Cloud services. Remembered last time when I tried register free trial Azure, Intune, Office 365 and Enterprise Mobility, it was….complicate. I did found many instructions how to do that, first register this, don’t close the page, then register that..put your credit card, then register again… Since all… Read More »

Monitor ConfigMgr Task Sequence with Status Message Query

This is not about monitor Task Sequence Deployment status, it is about monitor Task Sequence itself. I use package ID instead of Deployment ID, because you might need to deploy same Task Sequence to many collections with different schedule, and you will have many deployments of same Task Sequence. I don’t want to create many queries for each… Read More »