With the new released Microsoft Intune, we no longer require Symantec certificate to enroll Windows 8.1 devices. However, if you are facing the following scenarios, you still require Symantec certificate.
Wednesday, December 3, 2014
Wednesday, November 19, 2014
New Intune standalone features that will be released as part of this service update include:
- Enhanced user interface for Intune administration console
- Ability to restrict access to Exchange on-premises email based upon device enrollment
- Bulk enrollment of devices using a single service account
- Lockdown of Supervised iOS devices and devices using Samsung KNOX with Kiosk mode
- Targeting of policies and apps by device groups
- Ability to report on and allow or block a specific set of applications
- Enforcement of application install or uninstall
- Deployment of certificates, email, VPN and WiFi profiles
- Ability to push free store apps to iOS devices
- More convenient access to internal corporate resources using per-app VPN configurations for iOS devices
- Remote pin reset for Windows Phone 8.1 devices
- Multi-factor authentication at enrollment for Windows 8.1 and Windows Phone 8.1 devices
- Ability to restrict administrator access to a specific set of user and device groups
- Updated Company Portal apps to support customizable terms and conditions
Please visit http://blogs.technet.com/b/microsoftintune/archive/2014/11/17/new-microsoft-intune-capabilities-coming-this-week.aspx for more information.
Saturday, September 13, 2014
If you are getting nothing from the inventoried software under the Asset Intelligence, please check the Hardware Inventory Classes.
Please make sure the below are checked:
- Installed Executable – Asset Intelligence (SMS_InstalledExecutable)
- Installed Software – Asset Intelligence (SMS_InstalledSoftware)
After the SCCM Client receive the machine policy, and the hardware inventory policy ran, you should be able to have something pop up from the inventoried software list under Asset Intelligence. You can search for SMS_InstalledSoftware in the InventoryAgent.log from the client machine to check if the classes are inventoried.
Friday, September 5, 2014
I would like to highlight the Remote Differential Compression prerequisites on Windows Server 2003. Remote Differential Compression is not available to be configured in the Add/Remove Windows Components like any others prerequisites. If you have missed out this prerequisite, you will not able to perform any content distribution, the operation will fail!!! Although you have checked to install IIS automatically during the DP installation, it just simply won’t install because that only available on Windows Server 2008 and above.
You can manually install the Remote Differential Compression prerequisite. It is located in the client folder, \\SCCM12\SMS_PS1\Client\i386. Look for the installer named “msrdcoob.exe”. Run the installer manually in the Windows Server 2003 and you should be able to distribute content to the DP now.
Thursday, July 3, 2014
Failed to launch SCCM 2007 reports from remote console, "You do not have permission to view this directory or page."
I was performing a maintenance fro a SCCM 2007 customer this morning. Customer is complaining that he couldn’t launch the report from his remote console, but no problem launching it from the ConfigMgr Console from SCCM Server.
I went to the verify the DCOM configuration, and the setting is correct. Checkout the DCOM configuration guide here.
Next, I check the SMSReporting_XXX Authentication configurations. I make sure only the Windows Authentication is enabled. Somehow the “Enable Kernel-mode authentication” setting is checked under the Advance Settings of the Windows Authentication, which is not correct. I uncheck the setting and it should looks like the screen captured below.
Lastly, I reconfigure the Providers settings of the Windows Authentication, which looks like the screen captured below. Only NTLM and Negotiate: Kerberos are enabled.
User can now successfully launch the report from his remote console. Cheers!!
Friday, June 13, 2014
SCCM 2012 is not fully support on IPv6 yet. Below are some of the features that are not IPv6 ready. I was working on OSD and randomly getting error “Failed to download policy” with generic error code 0x80004005. I opened a case with Microsoft and the engineer find out that SCCM 2012 is not fully ready on IPv6 yet. We disabled the IPv6 configuration from the server and the error seems to went away.
Tuesday, June 10, 2014
Are you performing any one of the actions above to your SCCM 2012 SQL database? After you did that, please make sure that the new SQL server configuration is correct. Especially the Allow Snapshot Isolation, Is read Commited Snapshot On, Trustworthy, Broker Enabled. and Honor Broker Priority settings. All these settings need to be set as TRUE. If these settings are not configured correctly, you might end up getting errors “Microsoft SQL Server Reported SQL Message 50000, Severity 16: *** Unknown SQL Error!” from SMS_POLICY_PROVIDER Component or this error. Please also ensure that the owner of the database is SA!!!
ALTER DATABASE <CM_XXX>
SET ALLOW_SNAPSHOT_ISOLATION ON
ALTER DATABASE <CM_XXX>
SET READ_COMMITTED_SNAPSHOT ON
--- Enable the SQL Broker on the Site database
ALTER DATABASE CM_XXX SET ENABLE_BROKER
--- SET the Site Database as trustworthy
ALTER DATABASE CM_XXX SET TRUSTWORTHY ON
--- SET the Database to honor the HONOR_BROKER_PRIORITY
ALTER DATABASE CM_XXX SET HONOR_BROKER_PRIORITY ON;
Thanks for reading…