  • Use the new community modules for Autopilot

    As I mentioned in my previous post, there is a new community version of the WindowsAutopilotIntune PowerShell module that I created a few years ago (needed because the “official” Intune modules don’t include any beta Graph objects, and the Autopilot objects seem to be permanently stuck in beta). But there are actually three different ones available. Each…

  • Get Autopilot for Existing Devices to skip the region page

    In an Autopilot user-driven AAD join deployment profile, you can configure it to specify the “Language (Region)” and as long as there is network connectivity (e.g. a wired device), that will work just fine. You can specify “Operating system default” for it to choose the default, or you can specify an explicit language, e.g. “English (United…

  • Creating ConfigMgr boot media without a password? Maybe that’s a bad idea.

    Sometimes going off on a tangent leads you to yet another tangent. Or maybe it’s just an attention span issue. Regardless, it resulted in a question: How is the stuff that ConfigMgr embeds into boot media (e.g. the PKI certificate that you specify that enables the boot image to actually talk to ConfigMgr) protected? I knew that it…

  • Thank you, Tanium!

    My experiences working at Tanium have been great: great people, a great company culture, and great technology. Honestly, it was an extremely positive experience overall, working from home with individuals all over the world, creating solutions like Tanium Provision and learning a lot along the way. (In case you’re wondering, yes, Linux bare metal imaging…

  • Renaming Autopilot-deployed devices

    Over three years ago (yikes), I did a blog post that talked about renaming Hybrid AADJ devices after they have been deployed via Windows Autopilot. As I was revisiting that for an upcoming presentation, it occurred to me that such a thing doesn’t need to apply only to Hybrid AADJ; it can also be useful…

  • Installing updates during Autopilot: Windows 11 edition, revisited

    In my previous post about this, I was baffled by the issue I ran into: a reboot during the Autopilot process, needed after updates were installed, effectively bricked the device. But with the cause of that discovered to be something unrelated (running an MDT task sequence as a Win32 app) and fixed, it’s worth revisiting…

  • Run an MDT task sequence during Autopilot, revisited

    In my previous post on the subject, everything worked well: I could take an MDT task sequence, package it up as an Intune Win32 app, and deploy it during an Autopilot provisioning process. After that, I moved on to installing Windows updates during the process, and that’s when things went wrong: after rebooting to complete…

  • Remove the Azure Arc Setup “feature” installed on Windows Server 2022

    Microsoft added a new “Azure Arc Setup” feature in Windows Server 2022 via this month’s cumulative update. You can see it show up in the Start menu: And there’s a folder created to hold the installer itself: Having a feature is one thing, having it installed by default — as part of a Patch Tuesday…

  • Installing updates during Autopilot: Windows 11 edition

    Updated 2023-10-23: This post has effectively been superseded by this new post. The issues described below are actually not caused by the Windows update process; more details on that here. Back in 2019, I did a blog post about installing Windows updates during an Autopilot deployment. That was with Windows 10. There was no reason…

  • Why does Windows 11 make Start menu layout so hard?

    In Windows 10, you had options: You could lock down the full Start menu layout via a GPO or MDM policy, applying an XML file that sets the layout. Or, you could do a partial Start menu layout and let the user have the ability to create and edit their own groups. Or, you could…

  • Yes, Microsoft broke VBScript in the new ADK

    A new Windows 11 22H2 release of the ADK appeared a couple of days ago, and it didn’t take long for some to notice an issue with it: It turns out that the VBScript.dll just isn’t there. It could probably be added back (ideally from a matching Windows 11 build 25398 media) and re-registered, but…

  • Run an MDT task sequence during Autopilot

    Updated 2023-10-23: See this post for more information around this. This one might sound a little strange, but hear me out. What if you wanted to run a task sequence during an Autopilot provisioning process, but you didn’t want to mess with Configuration Manager? Well, MDT can run task sequences too, so why not take…

  • What’s wrong with Hybrid Azure AD Join?

    You’ve probably heard someone say it before: Don’t do Hybrid Azure AD Join, move to Azure AD Join. What they are generally referring to is, more specifically, Windows Autopilot and its user-driven Hybrid Azure AD Join scenario, in which Windows Autopilot joins a device to Active Directory and enrolls it in Intune. But…

  • Track anything using ESP

    I’ve talked in the past about how the Enrollment Status Page in Windows Autopilot can be extended using additional providers. The basic structure is described in the EnrollmentStatusTracking CSP (using the old name for ESP, which would have been EST instead of ESP, not that ESP is any better than EST). Using this, other software…

  • Deploy SCCM images with something other than SCCM

    I’ve stated many times that you could take an image from MDT and deploy it with anything, as there’s nothing MDT-specific captured in the image. But curiously, I’ve never heard any comments about the inverse of that, taking an SCCM image and deploying it with MDT or other tools like Tanium Provision. But someone asked…

  • Detecting when you are in OOBE

    People have asked in the past what the best way is to detect when you are using Windows Autopilot to deploy a device, so that some apps and potentially even settings are deferred until a later point in time. When you boil this down, it’s a little more general than that. All you really need to…

  • User interaction in OOBE: Challenge accepted

    When you are going through the OOBE process in Windows 11*, have you ever noticed that anything executing that displays a UI can’t be seen? A good example is the task sequence progress dialog that you would expect to see related to my previous post. You can tell that it is there by using Alt-Tab,…

  • Run an SCCM task sequence during Autopilot HAADJ

    My previous post on this topic covered how to do this with Azure AD Join. In that scenario, getting the Configuration Manager client installed and functioning is easier to do since it supports using an Azure AD user token for authentication. The same thing doesn’t work for Hybrid Azure AD Join (even though there should…

  • Dissecting an SCCM bulk registration token

    When looking at feasible processes for installing the Configuration Manager client using the “Co-management settings” feature in Intune with Hybrid Azure AD Join, bulk registration tokens appeared to be the best option. (I haven’t yet given up on PKI certificates, but there are challenges with that.) But since I hadn’t used these before, I figured…

  • Compact a Hyper-V VHDX from a Linux VM

    It’s easy enough to compact a VHDX file attached to a Windows VM: Just shut down the VM, then edit the disk and specify “Compact” as the action: But for Linux VMs, Hyper-V doesn’t understand the disk contents as well (at all?) so you have to add an extra step. From a command prompt (sudo…