security

SCCM – Updated E-book SCCM Administration v3

Hi All, my updated SCCM e-book has finally been released. It took some time to write up and test. With 130 pages divided in 37 chapters, you’ll find lots of good info about starting with SCCM. And it is free… In this version, I removed Linux related topics, Updated Windows 10 to 1709, added sections for Cloud Management Gateway (CMG), Windows 10 Express updates, SCCM Data warehouse, Office 365 Installer, Windows 10 Update Readiness, Pending Reboot, updated some other section for SCCM 1710 and updated/added some powershell scripts To download, click here. let me know if you have any feedback

Webcast-Protecting Your Company Against Cyber-Attacks-Record

Hi All, after few weeks after the Webcast, the record is finally up. You can get a copy or watch it here. We’re planning more and more stuff for this year. Stay tuned.

Webcast-Protecting Your Company Against Cyber-Attacks

Hi All, Tomorrow, 09/June/2017, 12:00pm London time (BST or GMT+1 timezone), i’ll be presenting the webcast Protecting Your Company Against Cyber-Attacks. you can join via skype broadcast link https://join-emea.broadcast.skype.com/perez.net.br/4ed9df2c596743529bb151c7bcbdbe91 I hope to see you all there.

SCCM – New E-book EMS with SCCM & Intune

Hi All, my new SCCM e-book has finally been released. It took some time to write up and test. With 53 pages divided in 13 chapters, you’ll find lots of good info about starting with EMS. And it is free. To download, access https://goo.gl/1MRuq7, fill up the form and download the PDF. let me know if you have any feedback

SCCM-Create wifi profile with password

Hi All, Today I would like to talk about the Wi-Fi profile. SCCM has this great feature that you can manage Wi-Fi profile on all managed computers, make changes, etc, without need for the user to do anything, this is great. however, one of the limitation on a wifi profile is the fact that you cannot set a password when using WAP/WEP. For many large organizations that have a 802.1x or a network where you need to somehow authenticate (certificate, ad username/password, etc), this is not a problem, however, for smaller organizations or organizations that have not implemented this security yet, not having the option to add the password is a pain. i recall that some of the chat i had with some customers where they have deployed the wifi profile and had to e-mail everyone the password, as you can imagine, big security risk… anyway, how can i add…

SCCM-Migrating form HTTP to HTTPS

Hi All, have you ever needed to migrate a SCCM 2012 (or Current Branch) environment from HTTP to HTTPS? if you have, you know that it is quite easy, but there are some challenges, when things go wrong, off course :)… The steps I normally take (and I hope I haven’t forgotten any :)) are: 1- Create the certificate Template (ConfigMgr Clients (if the workstation is not already in place), ConfigMgr IIS Servers and ConfigMgr DP Servers) 2- Request the certificates 3- on the IIS servers, change the bind to allow HTTPS port (default 443) and select the certificate 4- Export the Root CA (and any other CA) certificate and import it into SCCM. Note, do not force the SCCM to use PKI, instead, allow it to use HTTP or HTTPS.. 5- for each client, confirm that the Client Certificate is set to PKI (you can easily check the HKLM\Software\Microsoft\CCM\HttpsState…

SCCM 2012 R2 – Who dun it?! What have your admins been doing?

Players, A client of mine started slowly but surely getting more and more of his staff to start using SCCM 2012 R2. I created some custom RBA for his team, but as soon as I left … it seemed that some of the guys got lazy and just started adding people into the administrators group … So some admins had access over stuff in SCCM that they really should be allowed to touch … Long story short … some collections were deleted (by accident) and we needed to understand why and by whom. The guy wasnt in trouble, we just needed to identify who the admin was, so we can train them on how to manage collections correctly. Now there are many ways of doing this … My client wanted the “easiest way possible” to see “who dun it” in SCCM. So, there are actually some inbuilt reports in SCCM that…

SCCM 2012 – Security (Part 4)

Hi All, If you missed the Part I you can find it here and Part II can be found here and Part III can be found here today we go ahead with the Part 4 of the series of posts about security and now it is time to talk about the DP certificates. The DP certificate is the certificate that is used by any Distribution Point Site role and need to have the private key exported with it as it will be imported during/after the creation of the role. This is also the certificate that you can use on your media when creating one. Anyway, if you go to the documentation (http://technet.microsoft.com/en-us/library/gg699362.aspx) you’ll noticed that in a Microsoft PKI environment, the certificate that you can use as base is the Workstation Authentication, however, if you don’t want to use it, make sure that the Enhanced Key Usage value must contain…

SCCM 2012 – Security (Part 3)

Hi All, If you missed the Part I you can find it here and Part II can be found here today we go ahead with the Part 3 of the series of posts about security and now it is time to talk about the web certificates. The web certificate is the certificate that is used by any SCCM Site role that used IIS (well…not any as FSP will not use certificate as it only accept non-encrypted traffic). Anyway, if you go to the documentation (http://technet.microsoft.com/en-us/library/gg699362.aspx) you will notice that the following services/site roles need web certificate: Management point, Distribution point, Software update point, State migration point, Enrollment point, Enrollment proxy point, Application Catalog web service point, Application Catalog website point, Cloud-based distribution point, Network Load Balancing (NLB) cluster for a software update point**, Site system servers that run Microsoft SQL Server, SQL Server cluster: Site system servers that run Microsoft…

SCCM 2012 – SUP – Error: There was an error downloading the software update. (12152)

Hi All, recently i was at a customer site installing SCCM 2012 R2 and i had an issue downloading some updates… The steps were simple. as it was the 1st time, i’ve created an Software Update Group with all Windows 7 updates already released and tried to download it to a deployment package… The wizard was telling me that some updates failed to download with error: There was an error downloading the software update. (12152) and of course, a long list of updates where bellow it. the 1st i thought it was internet/proxy problem, however, there was no proxy involved and i could navigate to the internet without any problem… looking at the patchdownloader.log (it can be under %temp%, C:\Users\\AppData\Local\Temp or \Logs) i saw the following Checking machine config Software Updates Patch Downloader 19/03/2014 09:03:23 5472 (0x1560) Cert revocation check is disabled so cert revocation list will not be checked….