RE: [mssms] GPO Update Disable Manual MS checks

And of course, it’s changed in 1703 – the “defer” option is gone and now there is a “pause” option. No one knows if these are the same, different, or something else. J From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Hyatt, Dewayne Sent: Tuesday, April

RE: [mssms] GPO Update Disable Manual MS checks

For reference this is the documentation I used when we moved to 1607: https://technet.microsoft.com/en-us/itpro/windows/update/waas-manage-updates-configuration-manager It seems that it contradicts the blog about dual scan. From: listsad...@lists.myitforum.com

RE: [mssms] GPO Update Disable Manual MS checks

I’ll admit that I have been off task for a little while with other projects. I didn’t realize this was a daily thing ☹ From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Adam Juelich Sent: Tuesday, April 11, 2017 10:49 AM To: mssms@lists.myitforum.com

RE: [mssms] GPO Update Disable Manual MS checks

So since it’s patch Tuesday it looks like I’m going to have to tear down all of my Windows 10 servicing in SCCM so that my clients don’t go to MS for updates today… what fun. I was hoping that something would be fixed at least by 1703 but your comments don’t make me very confident in that. I

RE: [mssms] GPO Update Disable Manual MS checks

Whoops… I had read that blog a while back but apparently not well enough. I am confused now though. I am using a GPO to define what branch our Windows 10 clients are in for Windows 10 servicing in SCCM. I thought that was the correct way to do it. I saw 1607 used different policies but it

Re: [mssms] GPO Update Disable Manual MS checks

The fact that we are still having this conversation daily over the past few months means that Microsoft is really screwing the pooch here. On Tue, Apr 11, 2017 at 9:42 AM, Hyatt, Dewayne wrote: > Whoops… I had read that blog a while back but apparently not well enough. > > >

RE: [mssms] GPO Update Disable Manual MS checks

We just had confirmation on the back-end that not much changes here, the blog post is still valid, don’t set anything. Question though, what do you mean tear down your servicing? Servicing in ConfigMgr has nothing to do with the issues being discussed. J From: listsad...@lists.myitforum.com

[mssms] RE: Opinions Local Admin

Rebuild the machine. The desktop managers decided it was “easier” to just rebuild the machine than manually join it to the domain. The most common reason for a machine getting knocked out of the domain is because the right-hand wasn’t talking to the left-hand and someone build a second

[mssms] RE: Opinions Local Admin

What do you do for domain join issues, where local accounts are the only option? Daniel Ratliff From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Marable, Mike Sent: Tuesday, April 11, 2017 2:15 PM To: mssms@lists.myitforum.com Subject: [mssms] RE:

[mssms] April 2017 - Microsoft security updates?

Has Microsoft released the security updates for April 2017? Not seeing the April 2017 Security bulletin talking about what is being released.

Re: [mssms] April 2017 - Microsoft security updates?

http://myitforum.com/myitforumwp/2017/04/11/errors-during-wsus-update-synchronization-for-april-2017-updates/ On Tue, Apr 11, 2017 at 3:32 PM, HELMS, DAVID C wrote: > Has Microsoft released the security updates for April 2017? Not seeing > the April 2017 Security bulletin

RE: [mssms] GPO Update Disable Manual MS checks

Maybe I misunderstood then. I thought that when you define a servicing plan that you have to pick the update ring (CB or CBB) and that the targeted clients are set to either ring using defer windows updates GPO’s. This is how I was setting my Windows 10 clients to the CBB ring. Is that not

[mssms] RE: Opinions Local Admin

I have been dying to implement Microsoft LAPS, but bureaucracy is holding me back… Have you looked at LAPS? From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Burke, John Sent: Tuesday, April 11, 2017 1:37 PM To: mssms@lists.myitforum.com Subject: [mssms]

[mssms] RE: Opinions Local Admin

Microsoft has a tool for that… Local Administrator Password Solution (LAPS)

[mssms] Opinions Local Admin

Hi, We are talking about creating unique local admin passwords for our systems (vs changing it regularly). I’m wondering how many folks actually create unique local admin passwords vs just changing it regularly?

[mssms] RE: Opinions Local Admin

We are looking to utilize this product which will do it for you. You can either pay for the automation or do it manually. https://thycotic.com/products/secret-server/ From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Burke, John Sent: Tuesday, April 11,

Re: [mssms] April 2017 - Microsoft security updates?

Microsoft does not recommend turning off upgrades in SCCM environments at this point since that will expire all of the upgrades in SCCM environments until the upgrades classification is rechecked and resynced. If you really need to get the updates synced, you can attempt this but note that it

Re: [mssms] April 2017 - Microsoft security updates?

I checked mine prior, I had not updates with that classification. I believe this is related to Windows 10. https://blogs.technet.microsoft.com/wsus/2015/12/03/important-update-for-wsus-4-0-kb-3095113/ On Wed, Apr 12, 2017 at 10:36 AM, s kissel wrote: > Microsoft does not

Re: [mssms] April 2017 - Microsoft security updates?

Had the same issue, disabling the upgrade classification has worked for us. On Wed, Apr 12, 2017 at 7:15 AM, HELMS, DAVID C wrote: > Thanks. I also see that Microsoft is no longer doing the monthly > bulletins but now using a Security Updates portal. > > > > *From:*

RE: [mssms] GPO Update Disable Manual MS checks

No. This choice is a feature update selection mechanism that helps determine what to include in the resulting update group. It is not a targeting mechanism and thus is not dependent on the defer updates setting on clients. You use collections just like you always have/do to target servicing

RE: [mssms] April 2017 - Microsoft security updates?

Thanks. I also see that Microsoft is no longer doing the monthly bulletins but now using a Security Updates portal. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Steve Whitcher Sent: Tuesday, April 11, 2017 4:49 PM To: mssms@lists.myitforum.com

[mssms] RE: Opinions Local Admin

Totally agree on LAPS. Probably the best ROI on effort for anything security related. Very easy to rollout. This is probably the best guide I have seen on rolling it out. https://flamingkeys.com/deploying-the-local-administrator-password-solution-part-1/ 2nd Place would be Credential Guard.

[mssms] RE: 1702 prereq check fails

Check the logs on the root of the site server. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Mote, Todd Sent: Tuesday, April 11, 2017 8:08 AM To: mssms@lists.myitforum.com Subject: [mssms] 1702 prereq check fails In a weird way. I have 4 total

[mssms] RE: Upgrade Readiness with System Center Configuration Manager

We are using it. It's very simple to setup. All you need is a free OMS account, and an Azure Subscription. Once you setup your Azure Subscription, make sure you go into the Azure Portal and change the subscription to Pay as you go. We confirmed with our TAM and an Azure SME that there is no

[mssms] RE: Upgrade Readiness with System Center Configuration Manager

I am also interested in this, and are in a similar situation where we have an O365 tenant but no Azure per say. I spoke to MS rep and he said that the log analytics ingestion service as you describe is free, you will need a CC to sign up though. I have not pursued this as I am hoping my company

[mssms] 1702 prereq check fails

In a weird way. I have 4 total installs, one is prod, one is qual, and the other two are places where I test stuff like upgrading. All on Server 2012 R2 single site server, all roles on the same server, SQL 2016 no SP, though I might give SP1 a try given some of the failures, all but prod are

[mssms] Upgrade Readiness with System Center Configuration Manager

I was wondering if anyone has integrated Upgrade Readiness with System Center Configuration Manager? https://docs.microsoft.com/en-gb/sccm/core/clients/manage/upgrade/upgrade-analytics We are looking into this now and there is a requirement for Microsoft Operations Management Suite (OMS) for