Using ConfigMgr Run Scripts and Microsoft Quick Assist to Repair a Broken Domain Trust Relationship

Recently one of our sites began having some issues with domain joined devices losing their trust relationship with Active Directory. While some users were able to log in with cached credentials, we had no easy way to get admin credentials to repair the domain trust. I’m going to show how Configmgr Run Scripts and Microsoft Quick Assist helped us get admin access to the devices to perform troubleshooting and remediation. The purpose of this post is to show how we can leverage various tools to solve challenging problems in production.

How to find Settings Preventing Application Deletion in ConfigMgr

Today my co-worker was attempting to delete an old application and got blocked with the following message message and I wanted to document it for future reference. Configuration Manager cannot delete this application because other applications or task sequences reference it or it is configured as a deployment. 1Configuration Manager cannot delete this application because other applications or task sequences reference it or it is configured as a deployment.

Autopilot Profile causes Device Rename after ConfigMgr OSD Task Sequence and Breaks AD Domain Trust

We got some new hardware models in this week and added drivers to our ConfigMgr OSD Task Sequence (with Windows 10 1909 serviced with November 2020 updates) to test. One of the devices kept ending up with a broken domain trust relationship when you attempt to log in immediately following build completion. The security database on the server does not have a computer account for this workstation trust relationship

Windows 10 Feature Updates – Testing the /MigNEO Disable Parameter

Over the past few weeks I’ve been testing re-writing my Windows 10 Feature Update repo to make it easier to implement - if you haven’t tried it, go check it out. Just follow the readme in the repo https://github.com/AdamGrossTX/Windows10FeatureUpdates. During the re-write I was reminded that there were a few command line parameters that I hadn’t experimented with. One of them is /MigNEO which only has a Disable option. According to the product group, NEO stands for non-event objective which, doesn’t help it make more sense to me.

Analyze SetupDiag errors for Feature Updates in ConfigMgr 2008 Technical Preview

As soon as I read the release notes for ConfigMgr 2008 Technical Preview I knew I would be doing some digging. This release introduced the first iteration of a feature that will hopefully help make Windows 10 Feature Update servicing a little easier to manage. Listed as Analyze SetupDiag errors for feature updates this feature has been added to the Windows 10 Servicing dashboard. When I initially read the release notes and looked at the included graph, I was disappointed.

Troubleshooting ConfigMgr Enhanced HTTP and Azure Directory Group Sync

Today I got to help my buddy Adam Juelich with getting ConfigMgr Azure Directory Group Sync working. It’s an awesome new feature that allows you to sync ConfigMgr collection memberships to your Azure tenant. Adam had followed all of the steps and ensured that prerequisites were all configured properly but sync would never work. Over a Teams meeting we double checked everything and walked through Ronny Dejong’s (He covers pretty much all of troubleshooting steps needed for this!

Remove Windows 10 In-Box Apps with ConfigMgr or Intune and the Microsoft Store for Business

If you’ve been managing Windows 10 for very long, you’ve likely implemented a script or other method to remove some of the In-Box apps that come with Windows 10. We have been using a customized version of a script that Michael Niehaus published in 2015. It uses PowerShell and an XML file with a list of apps to be removed. I have integrated it into my Windows 10 offline servicing script that I use to apply updates to my image each month.

Demystifying Windows 10 Feature Update Blocks

Disclaimer - if you manually bypass Feature Update blocks, you risk causing issues with your device. The blocks exist for a reason and should be respected. This information is provided for educational purposes only. Proceed with caution. Windows 10 Feature Updates are released twice per year. For each release, Microsoft has the ability to block the update from being installed or even showing up in Widows Update for applications/drivers/devices that have known compatibility issues.

Lockdown Diary – Metered Internet Connections and Broken ConfigMgr Clients

Do you know how hard it is to find things when you don’t know what to search for?? I’m paranoid. We recently upgraded our site to ConfigMgr 2002, first fast ring, then the hotfix. We also installed a Cloud Management Gateway, re-worked our Boundary Groups to handle VPN better, added a second Management Point and generally made a butt-load of changes to our environment to help our remote clients have access to content more easily.