I checked mine prior, I had not updates with that classification. I believe
this is related to Windows 10.
https://blogs.technet.microsoft.com/wsus/2015/12/03/important-update-for-wsus-4-0-kb-3095113/
On Wed, Apr 12, 2017 at 10:36 AM, s kissel wrote:
> Microsoft does not
Microsoft does not recommend turning off upgrades in SCCM environments at this
point since that will expire all of the upgrades in SCCM environments until the
upgrades classification is rechecked and resynced. If you really need to get
the updates synced, you can attempt this but note that it
No. This choice is a feature update selection mechanism that helps determine
what to include in the resulting update group. It is not a targeting mechanism
and thus is not dependent on the defer updates setting on clients. You use
collections just like you always have/do to target servicing
Had the same issue, disabling the upgrade classification has worked for us.
On Wed, Apr 12, 2017 at 7:15 AM, HELMS, DAVID C wrote:
> Thanks. I also see that Microsoft is no longer doing the monthly
> bulletins but now using a Security Updates portal.
>
>
>
> *From:*
Totally agree on LAPS.
Probably the best ROI on effort for anything security related. Very easy to
rollout.
This is probably the best guide I have seen on rolling it out.
https://flamingkeys.com/deploying-the-local-administrator-password-solution-part-1/
2nd Place would be Credential Guard.
Thanks. I also see that Microsoft is no longer doing the monthly bulletins but
now using a Security Updates portal.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Steve Whitcher
Sent: Tuesday, April 11, 2017 4:49 PM
To: mssms@lists.myitforum.com
http://myitforum.com/myitforumwp/2017/04/11/errors-during-wsus-update-synchronization-for-april-2017-updates/
On Tue, Apr 11, 2017 at 3:32 PM, HELMS, DAVID C wrote:
> Has Microsoft released the security updates for April 2017? Not seeing
> the April 2017 Security bulletin
Has Microsoft released the security updates for April 2017? Not seeing the
April 2017 Security bulletin talking about what is being released.
Rebuild the machine. The desktop managers decided it was “easier” to just
rebuild the machine than manually join it to the domain. The most common
reason for a machine getting knocked out of the domain is because the
right-hand wasn’t talking to the left-hand and someone build a second
We are looking to utilize this product which will do it for you. You can either
pay for the automation or do it manually.
https://thycotic.com/products/secret-server/
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Burke, John
Sent: Tuesday, April 11,
What do you do for domain join issues, where local accounts are the only option?
Daniel Ratliff
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Marable, Mike
Sent: Tuesday, April 11, 2017 2:15 PM
To: mssms@lists.myitforum.com
Subject: [mssms] RE:
Microsoft has a tool for that… Local Administrator Password Solution (LAPS)
I have been dying to implement Microsoft LAPS, but bureaucracy is holding me
back…
Have you looked at LAPS?
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Burke, John
Sent: Tuesday, April 11, 2017 1:37 PM
To: mssms@lists.myitforum.com
Subject: [mssms]
Hi,
We are talking about creating unique local admin passwords for our systems (vs
changing it regularly). I’m wondering how many folks actually create unique
local admin passwords vs just changing it regularly?
Maybe I misunderstood then. I thought that when you define a servicing plan
that you have to pick the update ring (CB or CBB) and that the targeted clients
are set to either ring using defer windows updates GPO’s. This is how I was
setting my Windows 10 clients to the CBB ring.
Is that not
We just had confirmation on the back-end that not much changes here, the blog
post is still valid, don’t set anything.
Question though, what do you mean tear down your servicing? Servicing in
ConfigMgr has nothing to do with the issues being discussed.
J
From: listsad...@lists.myitforum.com
So since it’s patch Tuesday it looks like I’m going to have to tear down all of
my Windows 10 servicing in SCCM so that my clients don’t go to MS for updates
today… what fun. I was hoping that something would be fixed at least by 1703
but your comments don’t make me very confident in that. I
And of course, it’s changed in 1703 – the “defer” option is gone and now there
is a “pause” option. No one knows if these are the same, different, or
something else.
J
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Hyatt, Dewayne
Sent: Tuesday, April
I’ll admit that I have been off task for a little while with other projects. I
didn’t realize this was a daily thing ☹
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Adam Juelich
Sent: Tuesday, April 11, 2017 10:49 AM
To: mssms@lists.myitforum.com
For reference this is the documentation I used when we moved to 1607:
https://technet.microsoft.com/en-us/itpro/windows/update/waas-manage-updates-configuration-manager
It seems that it contradicts the blog about dual scan.
From: listsad...@lists.myitforum.com
The fact that we are still having this conversation daily over the past few
months means that Microsoft is really screwing the pooch here.
On Tue, Apr 11, 2017 at 9:42 AM, Hyatt, Dewayne wrote:
> Whoops… I had read that blog a while back but apparently not well enough.
>
>
>
Whoops… I had read that blog a while back but apparently not well enough.
I am confused now though. I am using a GPO to define what branch our Windows 10
clients are in for Windows 10 servicing in SCCM. I thought that was the correct
way to do it. I saw 1607 used different policies but it
We are using it. It's very simple to setup. All you need is a free OMS account,
and an Azure Subscription.
Once you setup your Azure Subscription, make sure you go into the Azure Portal
and change the subscription to Pay as you go. We confirmed with our TAM and an
Azure SME that there is no
Check the logs on the root of the site server.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Mote, Todd
Sent: Tuesday, April 11, 2017 8:08 AM
To: mssms@lists.myitforum.com
Subject: [mssms] 1702 prereq check fails
In a weird way. I have 4 total
In a weird way. I have 4 total installs, one is prod, one is qual, and the
other two are places where I test stuff like upgrading. All on Server 2012 R2
single site server, all roles on the same server, SQL 2016 no SP, though I
might give SP1 a try given some of the failures, all but prod are
I am also interested in this, and are in a similar situation where we have an
O365 tenant but no Azure per say. I spoke to MS rep and he said that the log
analytics ingestion service as you describe is free, you will need a CC to sign
up though. I have not pursued this as I am hoping my company
I was wondering if anyone has integrated Upgrade Readiness with System Center
Configuration Manager?
https://docs.microsoft.com/en-gb/sccm/core/clients/manage/upgrade/upgrade-analytics
We are looking into this now and there is a requirement for Microsoft
Operations Management Suite (OMS) for
27 matches
Mail list logo