Search This Blog


Thursday, 17 June 2021


Hi There,

My name is Dan, I currently work in London as a SCCM consultant on a working holiday from Australia.

I will be updating this blog from time to time with tips on application packaging and OS Deployment , specifically using MDT/SCCM.

If you have any questions dont hesitate to contact me.




Wednesday, 31 August 2016

Suppress Office 365 "First Things First"

You may have noticed when installing Office 365 via the Click to Run installer you get a popup like this for each user.

You will no doubt have seen many methods to make this go away, however in my testing none of the popular suggestions actually work, like:

1. Setting key for OptInDisable in SOFTWARE\Microsoft\Office\16.0\Common\General
2. Setting key for ShownFirstRunOptin in SOFTWARE\Microsoft\Office\16.0\Common\General
3. Setting key for Authorized in SOFTWARE\Microsoft\Office\16.0\Common\General
4. Setting key for AcceptAllEulas in SOFTWARE\Microsoft\Office\16.0\Common\General

These methods may work for standard Office 2016 installers (usually set via OCT) but for 365 because it is licensed per user this notification will be generated for each user account that runs office.

If you would like to properly suppress this you need to perform the following during OSD.

1. Find a step after you install Office 365 in your task sequence. 
2. If you have a batch file or script that does windows customisations add the following to it (or create a new script).

(Step in TS - script is in SetDefaultsW10,cmd)

What we are doing here is loading in the Default User registry hive and adding the entry which is created when each user accepts the EULA.

We do this via OSD as the key has the computers hostname within it, and making this dynamic from a Group Policy preference is not easily achieved.

Also, i set the following

Disable "Make Skype better "

Value: UserConsentedTelemetryUpload
Key: HKCU\SOFTWARE\Microsoft\Office\16.0\Common\General

Disable "file type prompt on EU only"

Value: ShownFileFmtPrompt
Key: HKCU\SOFTWARE\Microsoft\Office\16.0\Common\General

NB. In SetDefaults,cmd i also set speech language to en-GB and set up DesktopInfo.



Monday, 15 August 2016

Disable Microsoft Edge First Run

To disable Microsoft Edge first run you have to jump through a few hoops. Luckily i've done this for you.

Many blogs state that you just need to change the value of "IE10TourShown" in the following:

[HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main]

However this is not enough. To fix edge you need to set these values.

I deploy these values by Group Policy Preferences.

Open your relevant workstation policy and navigate to :User Configuration>Preferences>Windows Settings>Registry 

From here add a registry items for all settings above from HKEY_CLASSES_ROOT.

Next, create a folder (collection item) and within in add all the items above from HKEY_CURRENT_USER. Once added, right click on your collection folder, navigate the "common" tab, and select "Run in logged-on users security context (user policy option)" .

And thats it, with this set users should not see the "first run" edge wizard. Further configuration of edge can be made from Admin Templates>Windows Components>Microsoft Edge. 



Thursday, 19 May 2016

DirectAccess Troubleshooting

Hi All Direct Access users, 

If you experience clients who have not been able to ever connect to direct access, it may be because the initial GPO for Direct Access was never processed 100% successfully.

Please perform these troubleshooting steps.

Open command prompt and enter: reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters

If you see this:

This means IPV6 has not been enabled, to fix this, open the registry and change this value to 0.

You will now see.

If IPV6 Is fine, perform a “Ipconfig /all”

You should see the the adaptors named:


If you do not see these adaptors, you need to manually install the Teredo Adaptor. To do this Open Device Manager > View: Show Hidden Items

Click “Action/Add Legacy Hardware”


Click Next>”Install the hardware I manually select from a list”

Scroll to “Network Adaptors” and click Next, wait.

Select Microsoft/Microsoft Teredo Tunneling Adaptor and install.

Reboot and test direct access again, it should now work.



Tuesday, 17 May 2016

Windows Phone 8.1 Will Not Enroll To Intune

Oh Microsoft.. you mysterious beast.

I was recently informed by one of my Techs that he could not enroll a Windows Phone to our Hybrid Intune/SCCM setup. I found this quite strange as nothing on our end had changed significantly, well other than updating my SCCM to 1602 a few weeks prior. I tested a IOS device and it enrolled just fine.

A small diagram on how Intune in Hybrid mode should work:

The user he was trying to enroll was getting the following error on a windows phone:

Early investigating led me to checking the relevant log files for Intune, this is what i saw in the dmpdownloader.log

ConnectorSetup.log  showed the following:
 "<05/09/16 16:42:29> CTool::RegisterManagedBinary: Failed to register C:\Program Files\Microsoft Configuration Manager\bin\x64\IntuneContentManager\Microsoft.ConfigurationManager.IntuneContentManager.dll with .Net Fx 2.0"

The SC_Online_Issuing certificate was showing the following:

Steps i performed to attempt to remedy these issues were:
I did the following:

1.       Manually removed cert.

2.       Removed service connection point

3.       Removed Intune subscription

4.       Rebooted site server

5.       Setup intune/scp

6.       Certificate regenerated.
After performing the above i tried re-enrolling a Windows Phone 8.1 and received the same error. I ended up performing the same steps above a number of times. 
At this point i took to Microsoft and logged a support call. I was already drinking heavily at this time in frustration to what seemed to be an unfixable problem. I tried everything i could think of......but sometimes the most painful issues have the stupidest fixes...or so it is when dealing with Microsoft products. 

This is the resolution from microsoft!

Go to Administration >>Cloud Services>>>Right Click on the Intune Subscription >>>and configure Platforms
Click on Windows Phone 8.1 uncheck, then apply the change, then recheck. 

Of course! why didnt i think of that! I would have assumed removing the ENTIRE CONFIGURATION four times would have accomplished this. From what i can see this isnt documented anywhere, so i hope this solves your issue if you run into the same problem.

NB. The errors you see in the screenshots like "check whether this site has an intune subscription" seem to be a red herring, they dont actually indicate an issue as far as i can tell. 



Friday, 6 May 2016

Exchange: List all ActiveSync Users & PhoneNumbers

Here is a script that will list you all Exchange users with a specific ActiveSync policy, it will link the users to their AD objects and list their Mobile Number if present.

Hopefully this helps someone..



Remove Objects Powershell Tool

Hi All,

Like most of you i try and make peoples lives easier and remove repetitive tasks. If you are like me and use "All Unknown Computers" to deploy your OSD to you will also be fairly familiar of making sure you have cleared an object from the SCCM Database before trying to reimage, otherwise ... well its not Unknown now is it?

Typically this would involve a tech opening AD searching for the computer and removing it, then opening the SCCM console and doing the same.

I thought i would write a simple little tool to take the repetitiveness away..  here it is in action:

The tool will list all objects in your specified OU with name and description. You can then either delete from SCCM, AD or Both.

Here is the full Code.

I suggest saving this as a .ps1 file and then compiling to an EXE with PowerGUI or similar.

You will need to edit lines:

263 (SCCM Server Address).
264 (SCCM Site Code XXX)
265 (AD SearchBase)