SCCM
8 Topics

Enable Windows 10 Extended Security Update
Hi All, We are managing our Windows 10 workstation fleet using SCCM, with activation handled via KMS. Since we have not yet transitioned to Windows 11, we’ve purchased ESU licenses. Microsoft provides detailed guidance on activating ESU through various methods — including Intune, phone, Internet, and the Volume Activation Management Tool (VAMT) for clients without Internet access — which is very helpful. https://learn.microsoft.com/en-us/windows/whats-new/enable-extended-security-updates Does anyone know the best method to enable ESU for enterprise workstations using SCCM/KMS, or through any alternative approach? Thank you in advance.
46 Views, 0 likes, 0 Comments

SCCM / MEMCM support CAU "Cluster Aware Updating" Feature of Failover Cluster Feature
Please build a plugin for the CAU Tool to work with the SCCM Agent to install the updates from SCCM Agent UpdateDeploymentAgent. In the CAU Tool there is only a WindowsUpdateAgent and Hotfix plugin; these plugins don't support SCCM. I need a solution to make CAU and SCCM work together.
Solved, 3.6K Views, 0 likes, 3 Comments

How to Disable BitLocker Notifications via SCCM and fveutility.exe fvenotify.exe
I'd like to hide the notification when BitLocker policy kicks in and fvenotify.exe runs. There's a toast notification that runs > BitLocker Notification Utility "Encryption in Progress". We're using SCCM with BitLocker Administration policy. I've tested adding fvenotify.exe to a GPO and Do Not Run Specified application but then you get a message about the Restriction - from the GPO.
924 Views, 0 likes, 0 Comments

TPM problem "Unable to turn on BitLocker"
Good morning, We have a problem with laptops that are equipped with 11th generation Intel i7 and i5 processors. The problem manifests itself after connecting the trap to the domain and entering the policy by SCCM using MBAM. I get a message saying BitLocker could not be turned on, clearing the TPM helps, but sometimes you have to do this several times before the message disappears. This only occurs on the 11th generation. Does anyone know what this problem is caused by?
1.4K Views, 0 likes, 3 Comments

Always on VPN Split tunnel
Hi All, I don't know too much about MS Always On VPN but have a question. If a user is at a client site and is trying to access a resource on the client's network that is in a similar IP range as what has been sent to go over the VPN tunnel, what would be the best way for this certain group of users to stop specific IP addresses from going over the tunnel and instead breaking out to use the local network resource? Would it also be possible to automatically detect when on these networks/sites so when these users are connecting from elsewhere, the IP addresses are then sent back over the tunnel? I hope the above makes sense. Any advice would be greatly appreciated.
925 Views, 0 likes, 0 Comments

3rd party Whitelisting Application Control and Windows OS Upgrades from SCCM
Hello everyone! I am being as ambiguous as possible because I do not want to identify the vendor or customer. I am an admin for a 3rd party Application Control software with a client with a concern:

OS: Windows 10 1909, upgrading to 20H2

Some context: Automating Windows Upgrades. I use 3rd party software to manage the same software. Windows Updates work fine, as only a few execution control rules need to be created. Major OS Upgrades (1909 to 20H2, in this case) are largely blocked, which is by design since the Windows directory itself is protected. The customer has a strict governance on the software allowed/whitelisted. While my software has a specific mode that is designed for this type of upgrade, which by nature allows changes to be made to the system. Leaving the system in this mode longer than is required for the OS Upgrade is a security hole we need to avoid. We do this the Application to change to this mode in order to make the required changes to the OS. Currently, SCCM creates a custom variable that my software scans for, and then executes the change on the system(s), then creates another variable when the upgrade is complete to lock the system down again. I do not want to depend on SCCM for my deployments. I'm trying to remove an extra point of failure.

All that leads to this ask: Is there any flag, change, or otherwise modification that occurs, with respect to Windows, before the upgrade? I'm effectively looking for something that I can detect or scan for reliably to automate changing modes from my own automation. Thank y'all for your time!
807 Views, 0 likes, 0 Comments

Best way to upgrade windows version
Hi all - we have thousands of systems which are in the process of upgrade and our SCCM Admins are using Software Center to push these updates. The SCCM DP is hosted on the corporate network, but since users are working from home the updates are going via WAN and failing apart, and the update process is not successful. Is there any easier way to update Windows from 1809 to 1909, like USB, ISO, copying the task sequence file, etc.? Any sort of easier way to upgrade these machines for remote users.
1.3K Views, 0 likes, 3 Comments

Bitlocker Encryption still running at 128kb instead of the required 256kb.
Hi, Hopefully I have put this in the correct forum 🙂 We use SCCM and have created a Windows 10 deployment which should set BitLocker encryption to 256KB but instead it's setting it to 128KB. The step to change the encryption is set in the build sequence. It's not Group Policy that is affecting it, as it's occurring well before then and at build. Does anyone have any suggestions what it could be? I will post this on the Microsoft Endpoint Manager forum in case it's best answered there. Many Thanks
577 Views, 1 like, 0 Comments