Security and Compliance
25 Topics

Windows Imaging and Configuration Designer and Assigned Access xml Bug
Hello everybody. So, my goal is to get this bug in front of the eyes that need to see it in order for the issue to get resolved, so if this is not the place to do that (it was the only place that I could find that seemed even remotely possible) then let me know where to move this post to so that the issue can be resolved. Now that that is out of the way, the issue that I want to report involves the Assigned Access configuration file. As you may know, the "&" character cannot be present in an xml element attribute value, as it is a special character, and must be replaced with the escape string "&amp;" instead. If there are any "&" characters in your assigned access configuration file, Windows Imaging and Configuration Designer will not allow you to compile the package. So, consider the Assigned Access Configuration file that I created with all of the "&" characters replaced with the appropriate "&amp;" escape:

    <?xml version="1.0" encoding="utf-8" ?>
    <AssignedAccessConfiguration
        xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config"
        xmlns:rs5="http://schemas.microsoft.com/AssignedAccess/201810/config">
      <Profiles>
        <Profile Id="{aed4127d-7fe0-435f-bdda-e384815099ec}">
          <AllAppsList>
            <AllowedApps>
              <App DesktopAppPath="C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" />
              <App DesktopAppPath="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" />
              <App DesktopAppPath="C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe" />
              <App DesktopAppPath="C:\Program Files (x86)\Google\Update\GoogleUpdate\GoogleUpdate.exe" />
              <App DesktopAppPath="C:\Tableau\Store Okta Login.exe" />
              <App DesktopAppPath="C:\Tableau\Manager Okta Login.exe" />
              <App DesktopAppPath="C:\Windows\explorer.exe" />
              <App DesktopAppPath="C:\Windows\Splwow64.exe" />
              <App DesktopAppPath="C:\Program Files (x86)\Brother\ScannerUtility\BrScUtil.exe" />
              <App DesktopAppPath="C:\Program Files (x86)\Brother\HttpToUsbBridge\HttpToUsbBridge.exe" />
              <App DesktopAppPath="C:\Program Files (x86)\Brother\iPrint&amp;Scan\BrotheriPrint&amp;Scan.exe" />
              <App DesktopAppPath="C:\Program Files (x86)\Brother\iPrint&amp;Scan\BrScanKeyEventMgr.exe" />
              <App DesktopAppPath="C:\Program Files (x86)\Brother\iPrint&amp;Scan\USBAppControl.exe" />
              <App DesktopAppPath="C:\Program Files (x86)\Brother\iPrint&amp;Scan\WorkflowAppControl.exe" />
              <App DesktopAppPath="C:\Windows\twain_32\Brimm22a\Common\TwDsUi.exe" />
              <App DesktopAppPath="C:\Windows\twain_32\Brimm22a\Common\TwDsUiLauncher.exe" />
            </AllowedApps>
          </AllAppsList>
          <rs5:FileExplorerNamespaceRestrictions>
            <rs5:AllowedNamespace Name="Downloads"/>
          </rs5:FileExplorerNamespaceRestrictions>
          <StartLayout>
            <![CDATA[<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
              <LayoutOptions StartTileGroupCellWidth="6" />
              <DefaultLayoutOverride>
                <StartLayoutCollection>
                  <defaultlayout:StartLayout GroupCellWidth="6">
                    <start:Group Name="Apps">
                      <start:DesktopApplicationTile Size="2x2" Column="0" Row="0" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Manager Okta Login.lnk" />
                      <start:DesktopApplicationTile Size="2x2" Column="0" Row="2" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Learning Hub.lnk" />
                      <start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\My Documents.lnk" />
                      <start:DesktopApplicationTile Size="2x2" Column="2" Row="2" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Altametrics Schedules.lnk" />
                      <start:DesktopApplicationTile Size="2x2" Column="4" Row="0" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Brother iPrintScan.lnk" />
                    </start:Group>
                  </defaultlayout:StartLayout>
                </StartLayoutCollection>
              </DefaultLayoutOverride>
            </LayoutModificationTemplate>]]>
          </StartLayout>
          <Taskbar ShowTaskbar="true" />
        </Profile>
      </Profiles>
      <Configs>
        <Config>
          <AutoLogonAccount rs5:DisplayName="Manager Workstation"/>
          <DefaultProfile Id="{aed4127d-7fe0-435f-bdda-e384815099ec}"/>
        </Config>
      </Configs>
    </AssignedAccessConfiguration>

I apologize for formatting the contents of the file as a code block, but when I tried placing the text in a code sample, it would automatically substitute the "&amp;" for an "&" character. In any event, importing the above assigned access configuration file in Windows Imaging and Configuration Designer does not produce an error, and allows for the application to compile the ppkg file, but when this ppkg is applied to a system during deployment, it results in an endless boot loop after the system restarts. It would seem that the provisioning package that Windows Imaging and Configuration Designer creates results (at least in my case) in a boot loop on the target system if the assigned access xml that is imported contains any element attributes that contain an "&" character. And I am not the only person who has run into this problem either. While investigating this issue, I found the below thread detailing the exact same issue: https://www.reddit.com/r/Intune/comments/1enlwwe/assigned_access_xml_with_ampersand_usage_fails_to/

Defender definition update problem
I have recently been running into a problem. For Defender definition updates, an ADR was configured so that the update runs every 8 hours. Some machines in the fleet are unable to get Windows updates and Defender definition updates. I see that there is a problem applying the EPM policy and the ADR. When I apply the following workaround: rename the registry.pol file to registry.pol.old and force it to be recreated with a gpupdate /force, everything works until some point in time and then it starts again. I would like to know whether anyone in the community has already encountered this problem; if so, what is the fix and what is the reason or cause of this problem. Searches mention files corrupted either by a power cut or by the agent, but despite the research I do not have a definitive solution or a clear reason. I would appreciate your input.

Multiple Orgs one monitored with Comp Portal
Going to try my best to explain this. I have my own domain and 365 business account using Intune, and we'll say that is account A. A client (account B) requires me to have Comp Portal and download Webex from it. I opened OneNote and a message appeared that the organization is now managing that. If within OneNote I'm under account A, which is my own domain, can account B, which requires Comp Portal to access Webex, see my stuff in apps under account A?

SCCM Collection Machines Failing Active Patches
I need to build a collection of machines that are struggling to get patches installed successfully. We would like for the collection to be as accurate as possible with the following logic:

1) failed patch status
2) failed patch is not a patch that has not been superseded
3) patch is actively deployed
4) exclude any machine that has a reboot pending status for any patch

We do have a collection built using the logic below but feel like this is not specific enough.

    select SYS.ResourceID, SYS.ResourceType, SYS.Name, SYS.SMSUniqueIdentifier,
           SYS.ResourceDomainORWorkgroup, SYS.Client
    from SMS_R_System as SYS
    inner join SMS_SUMDeploymentAssetDetails as SUM on SYS.ResourceID = SUM.ResourceID
    where SUM.StatusType = 5 and SUM.LastEnforcementErrorCode <> 0

Any direction you can provide on either a SQL query to gather this information or, better yet, actual collection logic code would be greatly appreciated. Thanks, Jason

Implementing Windows 11 - updates not showing through configmgr
New admin here. Our old admin left unexpectedly and I hopped in his place, so I apologize for the questions I'm about to ask, as they might be simple. I originally asked on Reddit and they suggested I look here. I'm in the middle of piloting Windows 11 with myself only (getting the basic TS working, DISM removing software, etc.). I was waiting until this update cycle before I handed it out to a few IT folks to test their apps with, but this is when I discovered software updates were not showing as required nor installed on any of the 4 devices I installed this on.

Device list:
- 3 VMware VMs
- 1 Dell 7080

ConfigMgr version 2211. We've been using Config Manager here since the very early SMS days and currently have about 1400 Windows 10 clients, fully functional. VLSC Windows 11 22H2 22621.2134. Went through the guide on Prajwal Desai (https://www.prajwaldesai.com/deploy-windows-11-using-sccm-configmgr/). Imaging went off mainly without a hitch. I've been pushing apps; automatic mandatory apps have been installing. We use Patch My PC, which is updating W11 clients as well without any issues.

The software update problem: no Windows 11 clients are showing any required nor installed updates on either the VMs or the Dell desktop. WUAHandler is showing that it has successfully scanned the device (it's identical to the W10 boxes). Summary is showing every 6 hours; client settings show updates every 4 hours. The image I've been using is 22621.2134, so the cumulative update should be catching this: https://support.microsoft.com/en-us/topic/november-14-2023-kb5032190-os-builds-22621-2715-and-22631-2715-f9e3e13c-5e98-42c2-add8-f075841ca812 If not, the superseded update should be catching these at least: https://support.microsoft.com/en-us/topic/august-8-2023-kb5029263-os-build-22621-2134-f8d4d3de-47c1-40e1-a2e6-97c2770ee2e8

Like I mentioned above, applications are installing, Patch My PC is installing software, so SCCM is functional to these devices; it's just not scanning W11 devices correctly (W10 is working just fine). Unsure where to start looking... thanks all!

MECM Windows 11 Readiness Dashboard - Refresh and Queries
MECM 2093 introduced a Windows 11 Readiness Dashboard that is based on data from the MECM agent/client hardware inventory. Is there a way to:
- See the underlying queries that are used to build this?
- Trigger a refresh of this Dashboard?

Co-managed devices are being tagged as not compliant in Entra ID
Good day! Anyone experienced or familiar with this issue? 🙂 We have the following settings:
1. Conditional Access Policy that blocks Non-Compliant Devices from accessing Corporate Applications.
2. All Corporate Devices are Hybrid Azure AD Joined Devices and Co-Managed with SCCM and Intune.
3. The Compliance Workload of all devices is being managed by SCCM.

Our issue is that devices are failing the Conditional Access Policy because they are tagged Not Compliant in Entra ID. When I looked into Intune, the device has the correct compliance, which is "See ConfigMgr", and the Software Center of the app also shows the device is Compliant.

M365 Desktop Apps Reporting and Compliance
Using MECM 2203. We have deployed the M365 desktop apps to our estate using MECM, but now we are looking to report on the versions out there and what patches have been applied, etc. We currently allow them to patch directly from the CDN. How to achieve this?