Compliance – Page 2

A case of the unexplained: Intune password policy and forced local account password changes

Posted on April 27, 2021 by Trevor Jones in Compliance, ConfigMgr, Intune, Powershell, SCCM

Having a password policy is a best practice for security of accounts, whether domain, local or wherever passwords are used. In the Windows world, domain accounts have a default domain password policy. Azure AD accounts have the Azure AD password policy. Accounts local to Windows can have a password policy too, and you can use … Continue reading A case of the unexplained: Intune password policy and forced local account password changes →

Get the current patch level for Windows 10 with PowerShell

Posted on April 20, 2021April 22, 2021 by Trevor Jones in Compliance, Powershell, Reporting, Software Updates

I was working on some updates to our unified reporting solution for Windows Updates (ie WUfB + MEMCM) and I wanted to figure out simply from the OS build number whether a Windows 10 workstation has the latest cumulative update installed. The only reliable and useable static list I could find for Windows 10 build … Continue reading Get the current patch level for Windows 10 with PowerShell →

PowerBI Reports for Windows 10 Feature Update Compliance

Posted on November 23, 2020 by Trevor Jones in Azure, Compliance, PowerBI, Reporting, Software Updates

This morning I saw an interesting tweet from Sandy Zeng with a Log Analytics workbook she'd created for W10 feature updates based on Update Compliance data. I'd been meaning to create a similar report for that myself in PowerBI for some time, so I took inspiration from her tweet and got to work on something! … Continue reading PowerBI Reports for Windows 10 Feature Update Compliance →

Prevent Users from Disabling Toast Notifications – Can it be Done?

Posted on November 12, 2020 by Trevor Jones in Compliance, ConfigMgr, Powershell, SCCM

Another toast notifications post - this time to deal with an issue where users have turned off toast notifications. In my deployment of Windows 10 feature updates for example, I use toast notifications to inform users an update is available. Once we hit the installation deadline, the notifications become more aggressive and display more frequently … Continue reading Prevent Users from Disabling Toast Notifications – Can it be Done? →

Get Previous and Scheduled Evaluation Times for ConfigMgr Compliance Baselines with PowerShell

Posted on January 20, 2020 by Trevor Jones in Compliance, ConfigMgr, Powershell, Reporting, SCCM

I was testing a compliance baseline recently and wanted to verify if the schedule defined in the baseline deployment is actually honored on the client. I set the schedule to run every hour, but it was clear that it did not run every hour and that some randomization was being used. To review the most … Continue reading Get Previous and Scheduled Evaluation Times for ConfigMgr Compliance Baselines with PowerShell →

Inventory Local Administrator Privileges with PowerShell and ConfigMgr

Posted on May 25, 2017 by Trevor Jones in Compliance, ConfigMgr, Powershell, Reporting, SCCM, SQL

Any security-conscious enterprise will want to have visibility of which users have local administrator privilege on any given system, and if you are an SCCM administrator then the job of gathering this information will likely be handed to you! However, this task may not be as simple as it seems. Gathering the membership of the … Continue reading Inventory Local Administrator Privileges with PowerShell and ConfigMgr →

New Free Tool: ConfigMgr Remote Compliance

Posted on March 15, 2017 by Trevor Jones in Compliance, ConfigMgr, Powershell, Reporting, SCCM, Windows Troubleshooting

Today I released a new free tool for ConfigMgr administrators and support staff. ConfigMgr Remote Compliance can be used to view, evaluate and report on System Center Configuration Manager Compliance Baselines on a remote computer. It provides similar functionality to the Configurations tab of the Configuration Manager Control Panel, but for remote computers. It is … Continue reading New Free Tool: ConfigMgr Remote Compliance →

Deploying Custom Microsoft Office Templates with System Center Configuration Manager

Posted on March 8, 2017 by Trevor Jones in Compliance, ConfigMgr, Microsoft Office, Powershell, SCCM

Some time ago a wrote a blog describing a way to deploy custom templates for Microsoft Office applications using SCCM Compliance Settings. Since then, I have re-written the solution into something much more manageable as the previous incarnation was not very clearly defined in how to update templates, and involved some considerable admin overhead. This … Continue reading Deploying Custom Microsoft Office Templates with System Center Configuration Manager →

Export / Backup Compliance Setting Scripts with PowerShell

Posted on February 21, 2017 by Trevor Jones in Compliance, ConfigMgr, Powershell, SCCM, SQL

In my SCCM environment I have a number of Compliance Settings that use custom scripts for discovery and remediation, and recently it dawned on me that a lot of time has been spent on these and it would be good to create a backup of those scripts. It would also be useful to be able … Continue reading Export / Backup Compliance Setting Scripts with PowerShell →

Removing Disabled Computer Accounts from SCCM with PowerShell

Posted on September 1, 2016December 4, 2017 by Trevor Jones in Active Directory, Compliance, ConfigMgr, configmgr client health, Powershell, Reporting, SCCM

In System Center Configuration Manager there are 2 Site Maintenance tasks that help take care of stale or obsolete client records: Delete Aged Discovery Data and Delete Inactive Client Discovery Data. However in some cases some records can remain in SCCM and are not removed by these tasks, for example, when a system is no longer active but … Continue reading Removing Disabled Computer Accounts from SCCM with PowerShell →