Windows

So your Group Policy (GPO) settings do not allow you to upgrade to the Windows 10 Fall Creators Update and you have local administrative access on your machine? The registry fix from below will change this! Copy the registry fix from below and save it as fix.reg with Notepad. (Make sure you don’t save it as fix.reg.txt!) Right click on the file and click “Merge”. You should now have access to Settings -> Update & Security -> Windows Insider Program. ...

The following unknown device IDs will pop-up when you run the script or when you open Device Manager: ROOT\VMBUS\0000 ROOT\VID\0000 ROOT\VPCIVSP\0000 ROOT\STORVSP\0000 ROOT\SYNTH3DVSP\0000 If you want to find all Unknown Devices, open PowerShell as an Administrator and run: Get-WmiObject Win32_PNPEntity | Where-Object { $_.ConfigManagerErrorCode -ne 0} | Select DeviceID On my work notebook, all drivers were correctly populated so it had to be something with my test laptop. It’s a fresh Windows 10 machine deployed by a Task Sequence - enabled with Device Guard and Credential Guard. ...

Recently I was trying to apply a lock screen image with a GPO. I distributed the image to the C:/Windows/Web/Wallpaper directory and configured the Windows 10 GPO to that location. After running the Windows 10 Task Sequence successfully, the default lock screen image came up. I was using a large image from the client so that it still looks good on bigger screens. I’ve found out that after resizing the image back to 1080P, the image was applied successfully after locking the machine. ...

Recently Microsoft introduced Windows Autopilot. This is a feature where you can register your corporate devices and where users can use their internet connection to sign in with their Azure AD credentials. The device is automatically enrolled with MDM like Intune and will receive apps and policies from there. According to Microsoft’s recent blog post and instruction video, a user needs to insert their WiFi password as the device will get the configuration from MDM and is already enrolled, without having the option to change the MDM provider or enroll the device as a personal device. ...

Cause Recently I replaced my workstation and that was a perfect time to rebuild my home lab. After I got green lights from my employer to install the all new Windows 10 Creators Update, I also installed Hyper-V and started to build servers in my lab. I was playing around with Shielding, Virtual TPM and SecureBoot until I found out that RemoteFX didn’t work anymore. I added the RemoteFX adapter to a VM with shielding enabled, but saw in the Hyper-V Settings menu that “0 virtual machines are currently using this GPU”. I first thought about updating my drivers, but I realized that I was playing around with some new features. ...

My notebook connects to a Docking Station with access to my receiver with speakerset, 2 screens, power and a KVM switch for my mouse and keyboard. When I lock my laptop, the sounds switches from the receiver to my internal speakers. When I unlock my laptop, the sound switches back but the Spotify application doesn’t play any sound. Closing the application doesn’t solve this problem, because the application will crash and I have to use the Task Manager to force the application to close. I made a PowerShell function that I’ve added to my PowerShell profile. https://gist.github.com/jvravensberg/302a3de8dbc92b54812afc408f5c43ec The Restart-Spotify function looks for any process that ends with “spotify” and stops the process. ...

WARNING: Removing Windows 10 Apps can make your system unstable. I had issues with my NUC after removing some default applications. Don’t do this in your master Enterprise image! Block apps with AppLocker instead. Use the following PowerShell command to check which Windows 10 Apps are installed: Get-AppxPackage | Select Name Make sure that you get all the packages that you want to delete in one view. For example: Get-AppxPackage | Where {$_.Name -ilike "Microsoft.ZuneVideo" -or $_.Name -ilike "Microsoft.WindowsCamera"} To remove those packages, pipe it to Remove-AppxPackage. ...

Problem: Multicast during an SCCM 2012 R2 SP1 (1511 release) Task Sequence fails with error “Failed to get MCS key (Code 0x80004005)”. This error is found in the smsts.log log file on the (Windows 10 Enterprise x64 1511) client machine. SMSTS.log file contents CLibSMSMessageWinHttpTransport::Send: URL: SCCM01.CORP.DOMAIN.COM:443 CCM_POST /SMS_MCS_AltAuth/.sms_mcs?op=keyinfo ApplyOperatingSystem 15-4-2016 9:02:57 656 (0x0290) In SSL, but with no client cert ApplyOperatingSystem 15-4-2016 9:02:57 656 (0x0290) `Request was successful. ApplyOperatingSystem 15-4-2016 9:02:57 656 (0x0290)pNext != NULL, HRESULT=80004005 (e:\nts_sccm_release\sms\framework\osdmessaging\libsmsmessaging.cpp,2054) ApplyOperatingSystem 15-4-2016 9:02:57 656 (0x0290)reply has no message header marker ApplyOperatingSystem 15-4-2016 9:02:57 656 (0x0290)DoRequest (sReply, true), HRESULT=80004005 (e:\nts_sccm_release\sms\framework\osdmessaging\libsmsmessaging.cpp,10358) ApplyOperatingSystem 15-4-2016 9:02:57 656 (0x0290)oMcsRequest.GetMCSKey(mcsKeyInfoResponse), HRESULT=80004005 (e:\nts_sccm_release\sms\server\mcs\consumer\mcsisapiclient.cpp,429) ApplyOperatingSystem 15-4-2016 9:02:57 656 (0x0290)Failed to get MCS key (Code 0x80004005) ApplyOperatingSystem 15-4-2016 9:02:57 656 (0x0290)ClientRequestToMCS::DoRequest failed. error = (0x80004005). ...

Problem: If you see the following error in your IIS Logs (C:\inetpub\logs\LogFiles\W3SVC1), it’s possible that the CRL of your Certificate Authority isn’t reachable or valid anymore: GET /SMS_MP/.sms_aut MPLIST 443 - SMS_MP_CONTROL_MANAGER - 403 13 2148081683 5701 18 Solution: Export a certificate from your personal certificate store, for example, an SCCM Client Certificate to your C: drive. Open a command prompt with elevated rights and type: ...

With TPM 1.2, Microsoft was able to clear the TPM during the SCCM Task Sequence without asking for permission to clear the TPM. With TPM 2.0, SCCM is unable to clear and activate the TPM chip during the deployment. The first time you boot your computer, you need to provide a BitLocker Recovery Key, or the tpm.msc console will tell you that the TPM is ready for use, with reduced functionality. I found a script online that I’ve added to my GitHub to clear the TPM 2.0 chip during the deployment. ...