Allow a user to delay a Windows 10 upgrade task sequence

Upgrading Windows 10 (e.g. v1511 to v1607) is easy using the upgrade task sequence in SCCM. Unfortunately it is not as user friendly as we would like, most notably there is no warning to the user that an upgrade is about to take place (when you set the upgrade task sequence to required). To fix this issue we use PowerShell App Deployment Toolkit to warn the user and allow them to delay the upgrade task sequence.

Read more “Allow a user to delay a Windows 10 upgrade task sequence”

Citrix Receiver install hangs during task sequence

We had a lot of problems getting Citrix Receiver to install correctly in our task sequence. During imaging it would hang until you moved the mouse or it timed out. Apparently this is a semi-common problem due to how Citrix Receiver installs USB support.

Read more “Citrix Receiver install hangs during task sequence”

Internet Explorer home page not being set at first logon

We had an issue in our environment where when a user first logged onto a Windows 10 workstation their Internet Explorer home page wasn’t set to our intranet. This issue occurred even though the home page was being set via GPO. We determined this was due to how Windows 10 provisions profiles on first logon.

Read more “Internet Explorer home page not being set at first logon”

Enable the TPM chip for Lenovo workstations via WMI and PowerShell

For whatever reason the TPM chip was being set to disabled during our imaging process/checklist. This became an issue when we started rolling out MBAM (BitLocker). In order to remediate this we deployed a package using SCCM and PowerShell App Deployment Toolkit that would enable the TPM chip.

Thankfully Lenovo makes it easy to modify the BIOS settings from inside Microsoft Windows. There is a gotcha when enabling the TPM chip though, that gotcha is that the WMI call is different depending on if it is a desktop or a laptop.

Read more “Enable the TPM chip for Lenovo workstations via WMI and PowerShell”

No entries in MBAM (BitLocker) event logs

I came across an odd issue during my MBAM (BitLocker) rollout. A small handful of workstations didn’t have any entries in the MBAM (BitLocker) event logs (admin or operational) and if you ran

manage-bde -status

on these workstations you would get the following error:

ERROR: An error occurred (code 0x8004100e): Invalid namespace

This error prevented MBAM (BitLocker) from automatically encrypting the hard drive.

Read more “No entries in MBAM (BitLocker) event logs”