I know there are the new VPN boundaries for making CM management easier. But, I'm still stuck on using the tried and true IP ranges for boundaries. Why because they are tried and true and just work. And because there is no "magic" in the background. (I call it magic because I haven't dug into them too much yes so don't know how they do their determination).
Not too long ago, there was an issue with Azure AD that broke basically everything in the cloud. So, for many organizations, it was difficult to communicate to everyone and let them know that most everything was broken because.... Most everything was broken. Heck, even the 911 emergency services weren't working in some parts of the country. But, I'm sure this won't happen again... This got me thinking about creating some sort of on demand notifications from CM...
SetupDiag is a command line tool created by Microsoft for troubleshooting Windows 10 Upgrade issues. The lack of a UI makes it difficult for the average person to use. I built a basic UI to run SetupDiag.exe in online mode directly on a computer that has failed its upgrade. I make this available through Software Center and use the "Repair" button to allow running on demend.
For the UI, I decided to employ something I'd been meaning to start working with since the last MMS and the presentation on WPF forms in PowerShell.
This summer, I completed my Feature Update from 1803 to 1909 for my company. The deployment went pretty smooth using the feature updates deployed from CM and then Martin Bengtsson Toast notification script (v 1.6 at the time). At that time, it didn't handle Feature Updates. So I added protocols and scripts to help with that. I'll look at another article to talk about that. This is mainly a blog of troubleshooting that went into feature updates for me this summer.
If you want to trigger an update available from CM in Software Center via a PowerShell script, you can use something like the following:
A few months ago, I learned of a View in the CM database that is basically every column that you can add in the devices node. Too many times someone wants a report that just lists exactly what they see in the Devices node. So, this view gives you that without having to do any of those wonderful SQL JOINs we always have so much fun with.
This week in the MMS Tips and Tricks, I decided to show this view, along with using SSMS to filter views. So lets take a look at the view.
A few months ago, I wrote a post about troubleshooting desktop analytics as I had come across an issue getting it set up and the troubleshooting available was little and far between. After working with an outstanding support representative from Microsoft, we discovered that my issue was rooted in poor group policy decisions that we made 2 years ago related to sending telemetry to Microsoft. These group policies were rooted in not only machine settings but also user settings.
For some time now, I've been hearing Desktop Analytics will provide some excellent data for your environment to assist with planning and deploying for your next Windows 10 feature update. And from the demos that I have seen, especially at MMS Jazz Edition, I believe it. The other thing I've been told multiple times over is that it's easy to set up. Just a few clicks and then wait a little bit and you have data. That's awesome! And I'm sure it is easy to set up, except.......when it isn't easy and doesn't work like it should.
I'd been using RegKeyToMof for the first time in a while in the last few months and thought some of us may want a deeper dive into how it works. I'm not going to cover directly on how to use it as Garth has covered that quite well over here: https://www.enhansoft.com/how-to-use-regkeytomof-2/
This post will be more on what it is doing. Hope you find it useful or interesting.
It comes up all the time when I want to know if anything in AD is not listed in CM and has a client, etc. If you work for an organization that is blessed with having excellent asset management, you could compare CM directly against your CMDB. But, everyone is not this blessed as it turns out. And reality being, you really should compare everything in AD to everything in CM. If its a domain joined computer, you'll probably want to know if it is or is not being managed by CM.
