Note:If you are running Microsoft Endpoint Manager Configuration Manager 2002 and later, this post is not applicable. In 2002 and later builds, the boundary group information is available as default value for client devices and you dont need to extend the custom MOF file. For more information about boundary groups in build 2002 and later, please read here. Introduction: Boundaries for SCCM define network locations on your intranet that can contain devices that you want to manage. Boundary groups are logical groups of boundaries that you configure. For more information click here Few days ago ,Jason Sandy’s has blogged about…
Author: Eswar Koneti
I was looking at the console other day and found that, there were many collections created in the root folder (device collection) with 0 count. So i looked at the collection properties ,i found empty there (No direct or query based rule). So i decided to write SQL query to identify the list of collections that have empty results with no query rules (Direct or query based) defined in it. For this query ,i have used 2 SQL views (v_Collection and v_CollectionRuleQuery ) . For full list of SQL views that exist in SCCM Configmgr ,please refer https://gallery.technet.microsoft.com/SCCM-Configmgr-2012-R2-SQL-5fefdd3b .…
If you are using o365 services ,you might hit requirement to block unsupported OS (Ubuntu,CentOS etc) accessing o365 resources . There are couple of ways that you can restrict unsupported using Azure Active Directory Conditional Access. The only devices that are supported at the moment are iOS,Android,Mac and Windows. You can control these supported devices to protect the data without being leaked with combination of conditional access and intune ,however these unsupported OS cannot be managed hence you must block them to access o365 resources. For more information about conditional access ,have provided the links in reference section at…
If you are using Microsoft intune as MDM solution to manage mobile devices ,you will certainly hit the requirement of managing Internet access using Managed Browser policies with Microsoft Intune to allow or block,bookmark and set home page with certain URL’s. Intune Managed Browser is a web browsing application that you can download from public app stores (apple store or Google play store) for use in your organization. Since this app has integration with the Intune SDK, you can also apply app protection policies like controlling cut ,copy,paste that comes with intune app protection policies. If you are allowing end…
Deploying Onedrive for Business is straight forward .The command line switches are very simple :"OneDriveSetup.exe" /silent ,but when you create application in Configmgr, there are couple of things that you need to focus on like detection method and install behaviour. If you search online ,how to deploy onedrive for business using Configmgr, you will get various post however the following method is what i have been using and it works fine . I would like to share the solution in simple steps. Create application that you do normally but use use the following information to fill detection method ,User…
Microsoft released December month ConfigMgr Technical Preview version (1712). It has been while since I look at my SCCM Tech preview lab. So I had chance to look at the new features that are released with this preview version and play around it in my lab. Following are the new features released with this preview version (This is only for lab purpose,not for production release). Do not automatically upgrade superseded applications Install multiple applications in Software Center Client-based PXE responder service Change in the Configuration Manager client install Change to the Surface device dashboard Improvements to Office 365 Client Management…
I had request to disable the setting ‘Allow the computer to turn off this device to save power’ in power management settings on network adaptor. From the screenshot above,there are 3 settings that will help for wake on Lan .All these settings information stored in client WMI. we want to uncheck the first option (Allow the computer to turn off this device to save power’ ) by leaving the rest of the 2 controls as it is. In this blog post ,we will see how to change the power management settings on client using configuration manager compliance settings. Before i…
Using compliance settings in Configmgr, you can do many tasks as part of compliance. In the last couple of blogs, we have utilized compliance settings to identify WU settings,automatic update,trusted publisher settings etc. http://eskonr.com/2017/10/configmgr-how-to-use-compliance-settings-to-check-the-windows-update-policy-settings-like-wuserver-usewuservernoautoupdate-on-clients/ In this blog post ,we will see how to use compliance settings to check for Windows update agent version if it is older or latest one as per https://support.microsoft.com/en-us/help/949104/how-to-update-the-windows-update-agent-to-the-latest-version. The Windows Update Agent runs on each client computer and checks for availability of updates. If you are using configmgr ,when the software update scan cycle runs ,a scan request is passed to the Windows Update Agent…