Friday, October 9, 2015

Create Boundary Group and Boundary Powershell Script

Below is the powershell script that I created my latest project. So this is how the script works:

  1. Create Boundary Group
  2. Add Site Server to Boundary Group (You’ll need to install all your distribution point first!)
  3. Create AD Site boundary and add to Boundary Group accordingly to the boundary.csv

Import-Module "D:\Program Files\Microsoft Configuration Manager\AdminConsole\bin\ConfigurationManager.psd1"
#SCCM Site Code
cd L28:

#Define all your boundary group name here:
New-CMBoundaryGroup -Name "Kuala Lumpur"
New-CMBoundaryGroup -Name "Penang"
New-CMBoundaryGroup -Name "Johor"
New-CMBoundaryGroup -Name "Sabah"
New-CMBoundaryGroup -Name "Sarawak"

#Define the boundary group site server:
Set-CMDistributionPoint -sitecode L28 -SiteSystemServerName -AddBoundaryGroupName "Kuala Lumpur"
Set-CMDistributionPoint -sitecode L28 -SiteSystemServerName -AddBoundaryGroupName "Penang"
Set-CMDistributionPoint -sitecode L28 -SiteSystemServerName -AddBoundaryGroupName "Johor"
Set-CMDistributionPoint -sitecode L28 -SiteSystemServerName -AddBoundaryGroupName "Sabah"
Set-CMDistributionPoint -sitecode L28 -SiteSystemServerName -AddBoundaryGroupName "Sarawak"

Import-Csv D:\Scripts\Boundary\Boundary.csv |
New-CMBoundary -Name $_.Description -Type ADSite -Value $_.ADSiteName
Add-CMBoundaryToGroup -BoundaryName $_.Description -BoundaryGroupName $_.BoundaryGroup

The boundary.csv format is as below:

1U,1U,Kuala Lumpur
AU2,AU2,Kuala Lumpur
BKT,BKT,Kuala Lumpur
KB,KB,Kuala Lumpur
KK,KK,Kuala Lumpur
KTN,KTN,Kuala Lumpur
KUC,KUC,Kuala Lumpur
Lot28,Lot28,Kuala Lumpur
MLK,MLK,Kuala Lumpur
SBN,SBN,Kuala Lumpur
SWY,SWY,Kuala Lumpur
TPC,TPC,Kuala Lumpur



Thursday, August 13, 2015

Microsoft Intune Managed Apps – Multi-identity

As of today, there are total of 18 Microsoft Apps (iOS + Android)  that you can use with Microsoft Intune mobile application management (MAM) policies. Some apps support multi-identity, some not. What is multi-identity? shows you the list of Microsoft Apps that support MAM.


You’ll notice behind some of the apps have the * labelled, which means it is a multi-identity apps. Let me explain my experience on that:

I’ve deployed Word and OneNote to my IPad. Both applied with the default MAM policy.

First example, I did the testing with OneNote on iOS, without * labelled. It pops up for pin for using the apps and restrict copy and paste to local apps like notepad.

Second example, I test with Word on iOS. It doesn’t pops me pin for using the apps and never restrict me from copy and paste to local apps. BUT!!! After I saved or open a document from corporate drive like OneDrive or Sharepoint, it will restrict me to copy and paste to local drive.

I hope the examples above help to clarify what’s multi-identity.

Tuesday, June 23, 2015

SCCM Client Push Error: Unable to access target machine for request

My customer called me for support due to client push failure. It is working fine the last time they performed client push. I checked out the ccm.log in the SCCM Primary Site, and I found majority failure is due to unable to access target machine for request. Back to the basics, I check the admin$ connection with one of the failure machine using windows explorer. It prompted for username and password, I entered the client push username and password. It doesn’t went through, and I entered again, and of course it failed again. Something wrong here, the client push account was granted with Domain Admin permissions. I asked my customer to enter another username and password that has the permission, and it went through. I suspected the Domain Admin permission was removed from the client push account, and asked the AD team to investigate. Yes, the Domain Admin permission was removed by someone. After the AD team configured back the Domain Admin permission, the client push is working fine. CHEERS!!!

Tuesday, June 9, 2015

MBAM Error Code: 0x80310004

I bumped into the error below. The error says the TPM is missing, but the TPM is enable on that machine, it is double confirmed.


To resolve the issue, I restart the machine, boot into startup repair, press F8 during the machine starting up.


Click on the Command Prompt, and enter the following command, “bootrec /fixbmr”.


Exit the command prompt and reboot the system.

I hope this helps you too.

Tuesday, May 19, 2015

My SCCM 2012 R2 UNIX Linux notes

Download Putty and PSCP from

Putty allows you to perform remote terminal.

PSCP allows you to copy files to the UNIX and Linux machines

To create new directory in UNIX Linux named sccmclient, mkdir /sccmclient

To copy files to UNIX Linux machine, launch command prompt and change directory to the SCCM client source folder. Then Enter path_to_pscp\pscp.exe * root@ The IP is the UNIX Linux IP

Before install the SCCM client, enter chmod +x install

SCCM client installation command ./install –mp –sitecode abc ccm-Universalx64.tar

Add –ignoreSHA256validation switch for:
  • RHEL Version 4 (x86/x64)
  • Solaris Version 9 (SPARC) and Solaris Version 10 (SPARC/x86)
  • SUSE Linux Enterprise Server Version 9 (x86)
  • HP-UX Version 11iv2 (PA-RISH/IA64)
To read installation and operation log, tail –f /var/opt/microsoft/scxcm.log

To stop the ccmexecd, /etc/init.d/ccmexecd stop

To start the ccmexecd, /etc/init.d/ccmexecd start

To perform machine policy refresh, /opt/microsoft/configmgr/bin/ccmexec –rs policy

To perform inventory scan, /opt/microsoft/configmgr/bin/ccmexec –rs hinv

To install rpm package, rpm –i rpmpackage.rpm

To check the existence of rpm packages, rpm -qa | grep rpmpackage

To uninstall SCCM client, /opt/microsoft/configmgr/bin/uninstall

Monday, May 18, 2015

Exploring on Mobile Devices Settings in Office 365

In fact, it detects you have subscribed to Intune services and it will direct you to the Microsoft Intune administrator console. I’ll have to setup a new E3 trial again. Ouch… :)