I had this challenge today: Enforce Ctrl + Alt + Delete being required at log on and unlock. This is easy to do via group policy normally (Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Do not require CTRL+ALT+DEL), except in environments that have computers with Imprivata Onesign (single sign-on) Agent installed on them, where this setting has to be turned off to allow a badge tap or fingerprint read to automatically unlock the workstation.
Sean Huggans's blog
After installing the Windows 10 Creators update on my 8460w, I noticed I couldn't open control panel. When I tried, it would freeze up everything and then close, and windows explorer would restart shortly after that. This ended up being the IDT Audio driver I had installed. Once I uninstalled that from add/remove programs, everything is back to normal. I would suggest uninstalling the IDT audio drivers in a pre-flight check step/group for any upgrade task sequences pushed out to avoid this unpleasant surprise!
With the announcement of the Microsoft Anti-Malware engine client vulnerability (CVE-2017-0290), I posted a query you can perform against your site/CAS database to quickly show versions of the SCEP engine you have out in your environment. Click here or go to the query library to get it!
Thought I'd throw up a blog entry about an issue I encountered last night. I am in process of moving my home lab over to a complete server 2016 environment and used it as an opportunity to start fresh with it all... I noticed when I went to set up my Certificate Authority so I could set up System Center Updates Publisher that the certificate never showed up in the list.
You may notice in many cases that the method of driver installation utilizing the FMSCUG Driver Installer results in very large packages, in some cases up to 4GB depending on the model, while other times the package may be more around the 400MB mark. For smaller packages, this is fine, however if you are like most SCCM administrators, you don't want to take up the space and/or kill WAN links distributing large packages for each model. There is a solution - and it's called 7-Zip!
I would like to announce the general availability of the FMSCUG driver installer, which is free for use within your task sequences to automatically launch scripted driver installs. This application gives you a new option for installing drivers which allows you to utilize your vendor's EXE format drivers (or other formats really), avoiding timely imports into SCCM, and allows you to utilize the power of scripting in order to install the drivers with any logging/switches you want.
Writing this to help any out who may be encountering this issue. I upgraded the ADK in my test lab this weekend, and when I imported the new boot images into the console, it failed with the following message: "The specified file can not be imported. Make sure the file is not read only and you have read and write access to it." The fix for me? Reboot after you update the ADK. Once I rebooted, I was able to successfully import the new boot WIM.
Just finished up the initial version of a project I started over the weekend I am calling FMBIDST (short for Boot Image Driver Servicing Tool); It's a GUI for DISM (with a few things like retries, etc. on errors). You can use this to add drivers into your boot images without having to wait on the SCCM console or having to remember DISM commands.
Link to the ZIP file with 32-bit and 64-bit installers in this post
This write up is mostly a problem description, along with a conceptual solution which is working but being tested at the moment. This testing is being done with OS X 10.11.5 El Capitan.