Forum Widgets
Latest Discussions
Management point in another domain (no-trust)
Hi folks, we have a situation where we would need to install a MP, DP and WSUS on a server that is in another domain to manage client that are in that domain. I was planning of installing the roles using a service account, import the CA cert from that domain in the Site server. Will there be any issues? I was reading about the communication between the sites roles and I also notice that the site server have to talk with a domain controller and the management point also have to talk with a DC. Which DC are we talking about and why it should talk with them. Does the MP in the other domain will try to reach the DC in the same domain? Does the site server will try to talk with the DC in the other domain? I know it's a strange one but it is the only way I manage to get to reduce the cost and be able to managed PCs that are on the other domain. Thanks! MathieuSolvedMathieu_DesjardinsFeb 29, 2024Brass Contributor1KViews0likes2Comments
Resource Explorer Shows Wrong Timestamp for Workstation Status
In Resource Explorer for a PC, the timestamp for Workstation Status is 7 hours earlier than the time it actually occurred. Correspondingly, Time Zone Offset is -420 minutes. This change seems to have coincided with the update to Configuration Manager 2207. I'll install Configuration Manager 2211 and see if the issue is resolved.SolvedSuperMJTFeb 02, 2023Brass Contributor1.1KViews0likes3CommentsMECM v2111 - Boot images
Hi, We purchased new hardware that needs a new rapid storage driver injected into the boot image to detect the installed hard drive. Using a test boot image, we added the driver that is needed which leads to updating distribution points. After injecting the driver, now all operating system deployments are downloading the test boot image first and later downloading the production boot image required by the task sequence selected. How do you control which boot image is downloaded initially during the TFTP phase of operating system deployment? I can't seem to find a solid answer or a good explanation of how this is controlled. Thank you! RobSolvedrobmoJun 23, 2022Brass Contributor973Views0likes2CommentsAudit CMBaselineDeployment EvaluationSchedule
Hi guys, does anyone have a method to display the Baseline deployment "EvaluationSchedule" in a readable format or list? Like the "Get-CMPackageDeployment -Name "Deployment Test" | Select-Object PackageID, ProgramName, CollectionID, AssignedSchedule" but in "Get-CMBaselineDeployment -Fast -Name "Baseline1" | Select-Object AssignmentName,EvaluationSchedule". Maybe a chance with an SQL query? The current output always show an encrypted string. Need that to Audit an Optimize the Deployments to not overlap. Regards.SolvedGeraldoApr 30, 2022Copper Contributor795Views0likes2Comments
Completing a Task Sequence when the network is not available
Hi All, I have a task sequence running on Windows 8.1 x64 which uninstalls a piece of software then reboots the machine. Uninstalling the software makes the network unavailable. The problem I am facing is the task sequence runs extremely slow once the network becomes unavailable. Logs indicate it is the client is trying to connect to the management point and timing out which is making it run slowly. I have three final steps, one which runs only if a Condition is met where the uninstall has failed. Another two 'Disable Bitlocker' and 'Reboot Machine' It seems to take approximately 5 minutes for each of these steps to run. I have ran the task sequence without uninstalling the software, thus meaning the network is available, and the task sequence runs at expected speed. Does anyone have suggestion on how I can make the task sequence complete quicker when the network is unavailable?SolvedMarkB2020Nov 27, 2020Copper Contributor1.6KViews0likes2CommentsCollocating SQL or remote SQL
Hi All Wanted to bounce my thoughts with fellow members. I am about to embark on a mini project for a customer. It's for a small experiment and a new network and infrastructure environment will be created on-premises. Unfortunately for this piece of work cloud is not an option. So a Virtualisation environment, SAN, networking, firewalls will all be procured. I need to build MECM to help deploy a gold image to approx. 100 workstations, there are 2 variances of laptops I need to consider. As its an experiment it also not going to grow. I also need to ensure patching is configured for both clients and the small server estate being built. So my thoughts are to build a new VM with MECM 2006 with the SUP role for WSUS and then use the OSD techniques with TS to build the Windows 10 image using PXE. They will be building a SQL server to host a database for a third party application. My question is as its such a small environment should I put SQL on the same standalone server which will host the Primary site MECM server and SUP or it is doing a lot already and I should move the SQL stuff to a remote SQL rather than collocate? From reading the docs I understand some considerations need to be taken into account to host both WSUS and ConfigMgr DBs within SQL (difference instances?) but because the environment will be so small my personal preference would be to keep it on same box, easier for me to deploy and easier for the customer to manage. The security of the environment is high due to the nature of the customer. What would others recommend and what would your approach be? Many thanksSolvedisotonic_ukAug 20, 2020Brass Contributor981Views0likes2CommentsHow to enroll existing Hybrid-AD joined device with intune for co-management?
Now that v1710 has released, I'm experimenting with Co-management, trying to enroll a test client for it. I went through the wizard in SCCM to configure co-management, setting Automatic enrollment in Intune to Pilot, and selecting a device collection which includes my test computer as the pilot group. In AzureAD I set the MDM User Scope setting to SOME, and selected a security group containing my user account. I've updated the SCCM client on the test computer, and am looking for some sign that it has been enrolled in Intune, but I'm not finding it. In the "Access work or school" settings on the computer, it still just shows connected to our AD domain. (Not sure if that would change...) In our intune console, I don't see that this computer has been added as an enrolled device. If I search in intune under AzureAD devices, I do find this computer listed there, but the Owner and MDM attributes are set to none. Is there something I'm missing when setting this up? At what point should the device be enrolled in intune? How can I verify that it has been enrolled?SolvedSteve WhitcherNov 21, 2017Bronze Contributor5KViews0likes2Comments
Resources
Tags
- cm current branch31 Topics
- Operating System Deployment9 Topics
- software update management9 Topics
- Site Setup and client deployment7 Topics
- General7 Topics
- App Management6 Topics
- CM 20124 Topics
- cloud-attached management4 Topics
- Endpoint protection3 Topics
- Security and Compliance3 Topics
