I had request to disable the setting ‘Allow the computer to turn off this device to save power’ in power management settings on network adaptor. From the screenshot above,there are 3 settings that will help for wake on Lan .All these settings information stored in client WMI. we want to uncheck the first option (Allow the computer to turn off this device to save power’ ) by leaving the rest of the 2 controls as it is. In this blog post ,we will see how to change the power management settings on client using configuration manager compliance settings. Before i…
Author: Eswar Koneti
Using compliance settings in Configmgr, you can do many tasks as part of compliance. In the last couple of blogs, we have utilized compliance settings to identify WU settings,automatic update,trusted publisher settings etc. http://eskonr.com/2017/10/configmgr-how-to-use-compliance-settings-to-check-the-windows-update-policy-settings-like-wuserver-usewuservernoautoupdate-on-clients/ In this blog post ,we will see how to use compliance settings to check for Windows update agent version if it is older or latest one as per https://support.microsoft.com/en-us/help/949104/how-to-update-the-windows-update-agent-to-the-latest-version. The Windows Update Agent runs on each client computer and checks for availability of updates. If you are using configmgr ,when the software update scan cycle runs ,a scan request is passed to the Windows Update Agent…
This blog post is going to be version 3 on the same topic (report for MS office versions) but with different requirements.My previous posts on ssrs report for count of MS office versions and drilled report to see client names etc will have some limitations like they will not give you bit type(architecture) like 32bit or 64bit of office installed on the client. They simply get the count of the MS office edition installed and then drill down further to get you the list of client computers with office edition,version,its OS and hardware scan date info. Both the versions with…
When you install configuration manager client to manage any windows device ,it will try to configure local group policy to set WSUS server settings (unless you have no GPO configured to set these settings) .If at all ,you have any GPO to configure the WSUS information ,local GPO that created by configmgr client will fail which will be logged in wuahandler.log,windowsupdate.log. If you look at wuahandler.log, you will see error something like below. “Group policy settings were overwritten by a higher authority (domain controller) to server and policy not configured” . So before you try to install SCCM client,it…
Windows Information Protection (WIP), previously known as enterprise data protection (EDP), helps to protect against this potential data leakage without otherwise interfering with the employee experience. WIP also helps to protect enterprise apps and data against accidental data leak on enterprise-owned devices and personal devices that employees bring to work without requiring changes to your environment or other apps. Finally, another data protection technology, Azure Rights Management also works alongside WIP to extend data protection for data that leaves the device, such as when email attachments are sent from an enterprise aware version of a rights management mail client. Since…
Since few weeks i was working on office 365 stuff including o365 applications teams ,onedrive and managing the mobile devices +windows (MDM/MAM) using intune. while working on this ,i found that ,windows 10 devices that are applied with WIP policies ,internet is getting blocked (access denied) on 3rd party browsers like Google chrome,Firefox but it works fine on Edge, internet explorer browsers. If you are trying to access internet on Firefox,chrome or any other browser (except IE or edge) ,you will hit the following error. To know more about windows information protection ,read TechNet article https://docs.microsoft.com/en-us/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip To use 3rd…
This is quick blog post about getting the list of clients that require a specific software update contained (it can be based on title,article ID(KB),bulletin ID). You can get the client list using the default software update compliance reports but it doesn't give you the inventory information about client ,like ip address,hardware scan,software update scan ,OS etc and creating custom SQL allow you to filter lot more like collection ID,hostname contains,OS not like etc. Adobe has released a security update (APSB17-32) for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. This update addresses a critical type confusion vulnerability…
In this blog post, we will see how to use conditional access to deny/block access to Office 365 Exchange Online (emails) from windows devices and mac devices . conditional access allow access to company data only for authenticated users from compliant devices (If you apply conditional access to list of users ,device must enroll before they check for device compliance) from approved apps under the right conditions. More information about conditional access read from Technet https://docs.microsoft.com/en-us/intune/conditional-access To block access to o365 exchange online (not for exchange on-prem) from windows and mac devices using mobile apps and desktop apps like outlook…