Monthly Archives: August 2014

SCCM 2012 R2 – Who dun it?! What have your admins been doing?

Players, A client of mine started slowly but surely getting more and more of his staff to start using SCCM 2012 R2. I created some custom RBA for his team, but as soon as I left … it seemed that some of the guys got lazy and just started adding people into the administrators group … So some admins had access over stuff in SCCM that they really should be allowed to touch … Long story short … some collections were deleted (by accident) and we needed to understand why and by whom. The guy wasnt in trouble, we just needed to identify who the admin was, so we can train them on how to manage collections correctly. Now there are many ways of doing this … My client wanted the “easiest way possible” to see “who dun it” in SCCM. So, there are actually some inbuilt reports in SCCM that…

Disable manual WiFi configuration of Windows Phone 8.1 through ConfigMgr

  I was recently working with a security-conscious customer to enable mobile device management through ConfigMgr 2012 R2. They had purchased a Windows Intune subscription and were following CESG guidelines regarding managing security policy for company-owned Windows Phone 8.1 devices. All the mobile data was routed through a private APN into the company LAN where it could be processed by the internal proxy rules. They also needed to use the phones as a tethering device for mobile users’ laptops so that, again, all data was routed through the LAN and its’ security appliances. I had a requirement to configure the following combination of ConfigMgr Configuration Item settings to enable this scenario: Tethering should be enabled. Wifi should be enabled only for an approved access point within the company’s offices. A user should not be able to join private wifi networks and hotspots etc.   Now according to various release comments…

SCCM 2012 R2 SQL Query Issues

Players, A client of mine had a issue with a custom SCCM query we created to find malicious software, he wanted to edit it, something went wrong and the console crashed. So we wanted to delete it and start again as we had the query backed up anyway. When we tried to delete it, we got a random error message and it simply wouldn’t move. So we ripped it out of SQL, here’s how we did it. Connect to your SCCM Database (CM_Sitecode), 1. Expand tables2. then right click “dbo.queries” and edit the to 200 rows3. Selected “Custom Query NAME”  then right click and then delete it. You’re also able to edit the query should you need to for SQL it self. Enjoy 🙂

@Heinrich_Pelser SCCM 2012 R2 Firewall Compliance Settings

Players. I recently needed to create a nice and easy way to check what state of the Windows Firewall settings on devices. This is very straightforward  when you use Compliance Settings in SCCM 2012 R2. In this scenario it was fairly easy as we needed to check if the firewall was on and to see if the connected profile in Windows Firewall is enabled or disabled. In this post I’ll show you how I did this. Configuration Item.  So, step 1 is to create a configuration item. This is used to define a configuration that we want to validate. Basically, the “stuff” we want to confirm is either on or off. We will need to create a single Configuration Item and once we are done creating it, associate it with a Configuration Baseline. But first you will the script below you can also find it here on MSDN. This is the script that I…