Showing posts with the label Configmgr

How to enable iOS unmanaged apps to read managed contacts & write unmanaged contacts without compromising security using Microsoft Intune

The contacts saved in Exchange is considered managed contacts. with iOS 12 onwards managed contacts are not visible from unmanaged Apps. As stated in Apple Article (  iOS 12, you can use MDM to make the following exceptions to this policy: Allow unmanaged apps to access managed contacts Allow managed apps to save contacts to the local Contacts app Microsoft Intune have introduced new feature, but it has pre-requisite to "Viewing corporate documents in unmanaged apps" to write contact to unmanaged app and "Viewing non-corporate documents in corporate apps" to read managed contacts in unmanaged app.  This can be security issue for many organisations. However, you can enable this without changing the parent policy by following trick! Go to iOS restriction settings in Intune, go to 'App Store, Doc Viewing, Gaming controls'. As highlighted above 'Allow managed apps to write contacts

SQL Query to get Mobile Device and Primary Users from Microsoft Configmgr

Following query will give you list of the mobile device managed by Intune and its user from Configmgr. SELECT        dbo.v_R_System.Name0, dbo.v_GS_DEVICE_COMPUTERSYSTEM.IMEI0, dbo.v_GS_DEVICE_COMPUTERSYSTEM.PhoneNumber0, dbo.v_GS_DEVICE_COMPUTERSYSTEM.DeviceManufacturer0,                           dbo.v_GS_DEVICE_COMPUTERSYSTEM.DeviceModel0, dbo.v_GS_DEVICE_COMPUTERSYSTEM.SerialNumber0, dbo.v_GS_DEVICE_COMPUTERSYSTEM.TimeStamp AS Expr1,                           dbo.v_GS_DEVICE_COMPUTERSYSTEM.FirmwareVersion0, dbo.v_GS_DEVICE_COMPUTERSYSTEM.SoftwareVersion0, dbo.v_R_User.Full_User_Name0, dbo.v_R_User.Name0 AS UserID,                           dbo.v_R_User.User_Principal_Name0 FROM            dbo.v_GS_DEVICE_COMPUTERSYSTEM RIGHT OUTER JOIN                          dbo.v_R_System INNER JOIN                          dbo.v_UsersPrimaryMachines INNER JOIN                          dbo.v_R_User ON dbo.v_UsersPrimaryMachines.UserResourceID = dbo.v_R_User.ResourceID ON dbo.v_R_Sys

ConfigMgr Task Sequence Error 0X8004005

I am working on couple of exciting SCCM Projects and still learning something new every day. I have been figuring out why SCCM task sequences are not deploying to workstations. Client was showing following error prior to showing option to select task sequence. Usually, you receive error 80004005 if time is not set correctly on computer or there is mismatch between SCCM DP/Primary site time and client time. In may case issue caused due to SHA1 Certificate chain. Somehow client have not upgraded their certificate authority to Sha2 due to some limitation with one of the applications. SCCM has been configured with SHA1 Certificates.  However, i forgot to untick the box 'Require SHA-256'.As a result , Boot image was failing to communicate with SCCM Management. To fix the issue untick 'Require SHA-256 from \Administration\Overview\Site Configuration\Sites. As shown below. Happy SCCM....

ConfigMgr CB Backup Failing

SCCM site backup was failing with following error,  smsbkup.log showing following error. Cannot find the dependent writer. The dependant component cannot be backed up. AddDependentComponent(pDependency) failed. Error code = 0x80,004,005.Error description = . Error: GatherWriterMetadata failed. 1. To fix this issue  Run 'VSSAdmin list writers' command. 2. Ensure following writers listed. 3. If you identify these two writers are not listed, restart 'SQL Server VSS Writer' if SQLServierWriter' is missing or 'SMS_Site_VSS_Writer' if SMS writer is missing. 4. 'VSSAdmin list writers', ensure both services are listed. 5. start sms_site_backup service to start backup, monitor smsbkup.log, ensure backup completed successfully.

Dell Latitude 7480 Unable to Detect NVMe Drive

Dell Latitude 7480 Unable to Detect NVMe Drive while PXE booting using UEFI secureboot. To fix the issue download ' Intel Rapid Storage Technology Driver and Management Console' drivers from Dell Website.   Extract all drivers files, go to Drivers\Prodcution\Windows10-x64.  Inject iastoreAC.INF file drivers using DRVLoad command during PXEboot or in the bootimage. i.e Drvload \path\iastoreac.inf