Recently we needed a collection of the primary devices of our early adopter users a.k.a. pilot users, because, you know, the output of all the helpers like Desktop Analytics or M365 Apps Readiness in #MEMCM is a collection of machines. But being an Early Adopter is a user role. To create a device collection for […]
The endpoints used by #WSUS for manually importing updates like the “Cumulative Update Preview for Windows 10” are not capable of TLS 1.2. So, after installing the TLS hardening via July updates on a WSUS server the import fails with error 80131509.To reenable the import you need to allow the fallback to the less secure […]
We use Automatic Deployment Rules (ADR) for Security Updates, other updates, Defender updates and 3rd party Software Update Catalogs. Since all these updates need to be tested through our internal rings, we use the option ‘Create a new Software Update Group’. So, if the ADR detects added updates it creates a new Software Update Group […]
The Configuration Manager current branch (CMCB) shows every 60 minutes errors for SMS_PROVIDERS. It goes: Message ID 1018: Site Component Manager is reinstalling this component on this site system Message ID 1090: Site Component Manager could not stop the winmgmt service on site system Message ID 1020: Site Component Manager failed to reinstall this component […]
The 18252 release notes confirm an older skip-ahead reported bug is now in Fast-ring: Settings app is crashing when invoking actions on certain pages. This includes “Check online for updates from Microsoft Update”. Since this option does not have any schedule and can be triggered only manually, your Insiders for Business cannot update to the […]
We are using Configuration Manager current branch to update the existing Windows 10 machines with quality updates. All Configuration Manager Components are running on ‘Server 2016’ + KB4284833. The error is reproducible in CMCB 1802, 1802 + KB4339794 or TP 1806.2. Windows 10 cumulative updates categorized as ‘Updates’ are not imported in to Configuration Manager […]
If you use Windows 10 language packs, the sources in the MultiLang-iso-files do not contain language updates for the Inbox Apps. In general, they should be updated by a scheduled task (Microsoft -> Windows -> Windows Update -> Automatic App Update), but this task requires the Store app to be accessible and the machine to […]
Microsoft published the Intel microcode update for Windows 10 1709 as a standalone update (KB4090007), so it is not showing up in WSUS. However, it can be deployed as an application: wusa.exe “windows10.0-kb4090007-x64_7063a0b6a38e2a648aa1d77570503f7062360c9d.msu” /quiet /norestart But, even if the current version 1.003 is already supporting more CPU models as version 1.001, it doesn’t cover all […]
Intel published a new vulnerability on 11/20/17 around Intel® Management Engine (ME): INTEL-SA-00086 causing Elevation of Privilege (EoP), Remote Code Execution (RCE) or Denial of Service (DoS). Intel published also a detection tool to run on clients. The detection tool is creating registry values about the vulnerability state of a client. To check the status […]
Microsoft published yesterday a security advisory (ADV170012 -Vulnerability in TPM could allow Security Feature Bypass), that shows a key generation weakness in Infineon’s TPM chip firmware. To solve the issue we first have to update the firmware of all vulnerable machines, so we have to identify them. As always, ‘Configuration Manager – Hardware Inventory’ can […]
End-User Computing 