Microsoft

System Center Configuration Manager Feedback

Suggestion box powered by UserVoice

Robby Moeyaert

My feedback

  1. 75 votes
    5 comments  ·  Ideas » Operating System Deployment
    Robby Moeyaert commented

    Basically a lot of configuration is done via GPO that can be quite critical during OSD.

    Main example: BitLocker.
    Quite often you have a BitLocker GPO defined that says, for example, "Encryption is AES-256, store TPM password in AD".

    However, during OSD, as this GPO doesn't apply, the TS will just use the default settings of Windows, which in this case would be enabling BitLocker with AES-128, which isn't what you want.

    The current workaround is manually using "run commandline" steps in your TS to set the exact registry keys you set with that GPO. That's redundant work and can be error-prone.

    There are many other examples like this too.

    Beyond that, by default, after OSD finishes, GPO hasn't applied. You need to use some _SMSTSPostAction to do a gpupdate /force and reboot to be even close to sure that GPO will be applied. This is important in high-security environments where GPOs are used to enforce a Secure Configuration Baseline such as the CIS benchmark.

    Robby Moeyaert shared this idea
  2. 36 votes
    2 comments  ·  Ideas » Asset Management
    Robby Moeyaert shared this idea
  3. 22 votes
    Noted  ·  6 comments  ·  Ideas » Application Management
    Robby Moeyaert commented

    Yes, lack of control of how dependencies are installed (or just control of general order of installation) is why we are not using App model right now and are sticking to TS and Packages.

  4. 334 votes
    Noted  ·  14 comments  ·  Ideas » Compliance Settings
    Robby Moeyaert commented

    Or just add a "process Group Policy" step to Task Sequence.

  5. 4 votes
    Noted  ·  0 comments  ·  Ideas » Application Management
    Robby Moeyaert shared this idea
  6. 13 votes
    Noted  ·  3 comments  ·  Ideas » Application Management
    Robby Moeyaert supported this idea
    Robby Moeyaert commented

    By extension, just allow TS to be deployed to user collections. I love "user-centric" stuff, but I hate that I can only send applications user-centric. TS are insanely powerful tools, but I'm forced to do it machine-based.
