Technical

In this article, I will show you how to find empty collections in SCCM (ConfigMgr) and delete them from the console. You can easily determine empty device collections and user collections using management insights in Configuration Manager. A company recently asked me to help them resolve problems with their current Configuration Manager setup. During my audit of the SCCM server, I noticed that there were plenty of empty collections that didn’t have any users or devices in them. The admins who created these collections no longer worked for that organisation. This scenario is common in most organizations, and I believe a delicate balance must be struck to have the proper number of device collections in SCCM. You would rather not have too few collections so that you can’t organise your clients logically, but you also don’t want to have too many so that your database is clogged with entries you’ll never use. https://forum.papbio.org/showthread.php?tid=5259 https://expectingtheunexpected.co...

In this post, I will share some basic steps to resolve issue where the Autopilot profile status shows Not Assigned. If you don’t see the status of Autopilot deployment profile for devices as assigned, I will share multiple solutions to resolve the issue. When you create a Autopilot deployment profile, you assign the profile to a device group. This device group consists of computers that you have registered for Autopilot in Intune. The process of importing a device may take up to 15 minutes. You can run the refresh option to check if the device is imported successfully. After you have assigned the autopilot deployment profile to a device group, the profile status for the devices changes from Updating to Assigned. In some cases, the Autopilot profile status for devices gets stuck at the Assigning step and finally shows as Not Assigned. This is a common issue but gets resolved after waiting for a few hours. If the Autopilot Profile status shows not resolved and if this issue persists for ...

In this article, I will show you how to find empty collections in SCCM (ConfigMgr) and delete them from the console. You can easily determine empty device collections and user collections using management insights in Configuration Manager. A company recently asked me to help them resolve problems with their current Configuration Manager setup. During my audit of the SCCM server, I noticed that there were plenty of empty collections that didn’t have any users or devices in them. The admins who created these collections no longer worked for that organisation. This scenario is common in most organizations, and I believe a delicate balance must be struck to have the proper number of device collections in SCCM. You would rather not have too few collections so that you can’t organise your clients logically, but you also don’t want to have too many so that your database is clogged with entries you’ll never use. https://union-pegase.vraiforum.com/t9-regles-d-ecriture.htm https://union-pegase.v...

In this article, I will demonstrate how you can deploy Bitlocker using Intune Settings Catalog. You can configure Bitlocker with Intune using the settings catalog, which offers more flexible configuration choices. BitLocker is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. It provides the maximum protection when used with a Trusted Platform Module (TPM) version 1.2 or later versions. BitLocker may be configured in Intune for Windows 10 and 11 devices using one of three methods: An endpoint protection profile An endpoint security disk encryption profile A settings catalog profile https://worldbattlingent.com/showthread.php?tid=5764 https://www.tedpublications.com/forum/showthread.php?tid=139829 https://ordemdospsicologos.org/forum/showthread.php?tid=1363 http://www.hondaikmciledug.co.id/HRIS/showthread.php?tid=1368 https://www.truecrimecollectors.com/s...

In this article, I will demonstrate how to get windows features using PowerShell on servers. The Get-WindowsFeature cmdlet lists all the windows features installed on a server. If you are asked to find the features installed on a specific server, you can use PowerShell to complete the task. Manually listing down the installed features will take time, and you cannot do this when you have multiple servers in the setup. There are many ways to locate the installed features on the server, including Configuration Manager and third-party tools. But, PowerShell is the most straightforward and cost-free way to discover what features are installed on Windows servers. http://mystrotain.free.fr/forum/showthread.php?tid=24036 https://www.revolutionmall.co.uk/forum/showthread.php?tid=18712 https://www.truecrimecollectors.com/showthread.php?tid=24 https://expectingtheunexpected.com/showthread.php?tid=1573 https://disforum.online/showthread.php?tid=20&pid=46 http://www.vfl.muellerluedenscheidt.de/...

In this article, I will show you how to rename administrator account using GPO (Group Policy). We will create a GPO and link it to an OU that will rename the local administrator account on domain joined computers. When you install any Windows operating system, the default administrator account is disabled. You should never log on with the built-in administrator account. You must use your own administrative account instead. Furthermore, you can enable the administrator account using multiple methods. However, it’s not recommended unless you really need to access this account. Renaming the administrator account will reduce the chance of brute force assaults, enhancing security in your Active Directory network. Group Policy makes it simple to rename the administrator account on all PCs in your AD domain. Why should you rename the Local Administrator Account? https://www.truecrimecollectors.com/showthread.php?tid=55 https://itrunsintheblood.bplaced.net/awake/showthread.php?tid=35 http://ho...

In this article, I will show you how to uninstall Windows updates using PowerShell. You can list all the updates installed on your Windows computer using PowerShell and remove the updates using KB number. Microsoft periodically releases updates, some of which are intended to resolve specific problems, but others of which unintentionally cause new problems. We have witnessed this occurring multiple times, which is why the majority of IT administrators choose to delay the deployment of new updates. The updates that you want to uninstall may have been deployed via SCCM or you may have manually imported the update into WSUS from Microsoft Update Catalog. In case the update that you want to remove is installed using Configuration Manager, you can roll back a patch via SCCM. If the update is causing issues on the computer, the only solution is to uninstall that problematic update. Your first goal is to find the update(s) that is causing issues when you update your Windows 10/11 computers. By...

In this article, I will show you how to disable Windows Hello for Business using Intune. You can now use Intune to disable the “Your organization requires Windows Hello” or “Use Windows Hello with your account” prompt during Autopilot OOBE and get rid of WHfB permanently. Windows Hello is a biometric device unlocking function that works with fingerprints or facial recognition. Microsoft Intune can be used to administer Windows Hello, and it is accessible on Windows 10 and Windows 11. A more secure approach to sign in to devices is with Windows Hello. With Microsoft Intune, you can set up a tenant-wide policy that instructs Windows 10 or Windows 11 devices to use Windows Hello for Business when they enrol with Intune. This policy targets your entire organization and supports the Windows Autopilot out-of-box-experience (OOBE). If you choose not to configure a tenant-wide policy for Windows Hello for Business, you can use a device configuration Identity protection profile to configure gro...

In this guide, I will show you how to patch server core installation with the latest Windows Updates. Through Windows Update, you can install the latest patches on the server core automatically or manually install the latest updates. When you install the Server Core, it is recommended to install the latest patches to keep it secure and updated. Unlike Windows Server (installed with Desktop Experience), the Server Core doesn’t have a GUI to check for updates. When you have multiple server core installations in your setup, patching all them of the servers becomes a critical task. By patching a server core installation, you get the performance improvements and the known issues or bugs are fixed. Methods to Patch Server Core Installations https://expectingtheunexpected.com/showthread.php?tid=1495 https://forum.papbio.org/showthread.php?tid=4256 http://mystrotain.free.fr/forum/showthread.php?tid=15775 http://www.hondaikmciledug.co.id/HRIS/showthread.php?tid=846 http://forum.icohaberleri.com...

In this article, you’ll learn how to configure session time limits for Windows 365 Frontline Cloud PCs in Intune. When you create a session time limit policy for Windows 365 Frontline Cloud PCs, the inactive Cloud PC sessions will be disconnected based on the idle session limit that you define. Your organization must instruct employees to save their work at the end of their shift and explicitly disconnect or sign out using any Windows end-session control in order to make the Frontline licence available for use by another employee. Microsoft strongly suggests configuring a Session Time Limit policy to enforce when inactive Cloud PC sessions are terminated, as some employees may forget to do so. Windows 365 Frontline is a new concept of Windows 365 that helps organizations save costs by allowing a single license to provision three Cloud PC virtual machines. Windows 365 Frontline is for organizations of all sizes with shift and part-time workers who require access to Cloud PCs only for li...