web analytics


We’re Back!

Well, It’s been a while, what with the whole pandemic nightmare, a site failure and just generally being busy, I’ve not had a lot of spare time to keep this up to date.


Hopefully now, I’ll be able to start posting on here again with a variety of tech dumps on anything from Windows, ConfigMgr, SQL, PowerShell, SCOM and even some Linux here are and there.


Stay safe and let get to work!

DPM 1801: Resolving Error 4387

Just spent the whole day trying to re-install DPM 1801 (Server 2016 / SQL 2016 SP2 CU5) after major issues, only for it to fail with the dreaded “4387” error..

Already had SSMS v16.5.3 installed so wasn’t that. spent several hours of retries, including a reinstall of SSMS 16.5 with no luck.

Eventually got it installed by running “mofcomp” to recompile all the SQL Server MOF’s..

Fortunately, I had a powershell script that loops through each version of SQL Server:

Reran the DPM Installer and bingo! It started to install

OSD – Enforce Default User Background

To ensure that the same background is applied to all users when they log in, you can add two Task Sequence steps that will automatically set their background to whatever you specificy it to be..

Then we can set the style, or how it will apply…

There are 6 possible values:

Wallpaper StyleValue Data

Rermember to replace <PATH>\background.jpg with the actual path of your file (No quote marks or the image wont be applied!)

Updating Windows Admin Center reset SSL Certificate Thumbprint

I recently updated Windows Admin Center using ConfigMgr ( post here)


However, If, like me, you use a CA-Issues SSL Certificate, then be aware that the update process resets the thumbprint back to a self-signed cert for the server.

In my case, I had a wildcard cert for *.gattancha.co.uk, but after the update, an invalid SSL error was presented in Chrome, and the expected certificate was for “servername.mydomain.lan”

Quick fix is to re-enter your thumbrpint by going to Programs and Features, finding “Windows Admin Center” and clicking Change, then follow the “Change” wizard and replace the thumbprint

Restart the “Windows Admin Center” and refresh the web browser and the certificate will be trusted again.

Another option I am looking at is to script the change, possibly with the advise from this post

Windows Admin Center now in ConfigMgr SUP

Was updating ConfigMgr’s Software Update Product List and came across this:


OSD – Remove Edge Icon from Windows 10

Here is how to remove the Edge Icon from the desktop on Windows 1803:

Create a new “Run Command Line” step with the following command:

And voila – the Icon is gone!

(Credit for Reg Hack goes to  NathanielArnoldR2 on Reddit)

OSD – Activate VM using Hyper-V AVMA Key

If you are running Hyper-V on Windows Server 2016 DataCenter, then one nice feature is that you can activate VMs running a Server Standard / DataCenter guest OS using a special “Automatic Virtual Machine Activation” key.

The keys are:

Operating SystemKey
Windows Server 2012 R2 EssentialsK2XGM-NMBT3-2R6Q8-WF2FK-P36R2
Windows Server 2012 R2 Standard DBGBW-NPF86-BJVTX-K3WKJ-MTB6V
Windows Server 2012 R2 DatacenterY4TGP-NPTV9-HTC2H-7MGQ3-DV4TW
Windows Server 2016 Essentials B4YNW-62DX9-W8V6M-82649-MHBKQ
Windows Server 2016 StandardC3RCX-M6NRP-6CXC9-TW2F2-4RHYD
Windows Server 2016 Datacenter TMJ3Y-NTRTM-FJYXT-T22BY-CWG3J

So naturally, I incorporated it as a step in my Task Sequences for Server deployments.

First, I created a Group called “VM Guest Actions” and gave it the following condtions:

This ensure the following steps only apply to Virtual Machines..

For each step in this group we also need to ensure it only applies to qualifying VMs – in this case – 2016 DataCenter

Apply this to all steps in the group – changing the condition as appropriate for your Server OS.

First step we need is to assign the AVMA key, so create a new Command Line step with the following command:

Remember to replace the key for your version of windows..

Next step is to activate the key:

So, again, we need another Command Line step with the following command:

Again, remember to filter it for your desired OS Version.


Now when, you build a server OS and its a VM on a DataCenter Host, it will get activated.



OSD – Default User Settings

This post will guide you through how to make user settings apply to all users who login to the machine

We do this by temporarily mounting the Default User hive and injecting the required settings into the appropriate place.

Mount the Default User Hive

Add a new “Run Command Line” step, give it a suitable name and then add the following command line:

Make note of the “HKU\DU” portion – this will replace all references to HKU  or HKEY_CURRENT_USER and ensures your settings are applied correctly

Add Your Registry Keys

Here will will add the registry setting that will hide the People Icon from the Taskbar

Hide People Button

So first, we need to add another “Run Command Line” step, name it – in the example above I named it “Modify Registry – Hide People Button”

Next, in the command line enter:


Repeat all this until you have added all your registry keys

Other settings I use are:

Default LockScreen

This only works on Server 2016 and Windows 10 Enterprise or Education Editions

Just replace “<PATH>\lockscreen.jpg” with the path to your desired lockscreen file.

Remove 3D Builder Folder

(Notice that this is in the “Local Machine” portion of the Registry, but works just the same here!

Show the Search Icon:

Set Powershell on Win X (Right clicking the start menu)

(Though I think this one is redundant now since windows 10 v1709 – but still valid for Server 2012 & 2016)


Set Cortana Voice  (eg UK Susan)

Change this to suit your language – and ensure you’ve installed the correct Language pack and additions!

Unmount the Default User Hive

This is similar to the “Mount the Default Hive” step, but with this command line:


OSD – Monitoring OSD Deployments

Unfortunately, ConfigMgr doesn’t have a default filter for monitoring what is happening during an OS Deployment

Fortunately, it is rather easy to create a filter yourself

Open the Console and head to the Monitoring section, expand System Status and then on “Status Message Queries”

Now, Click on the “Create Status Message Query” on the ribbon..

Enter a name for your query – (EG OSD Deployment Monitoring) then click  on Edit Query Statement

Click “Show Query Language” and copy the following code into the box:

the text that is preceded by ## will act as a prompt for you later.

The window should now look like this:

Click OK until all the dialogs are closed.

Your query is almost ready to run.. All we need now is the Deployment ID you want to monitor.

This is obtained by going to your Task Sequence, Clicking on the “Deployments” tab and adding the “Deployment ID” column

Make a note of the Deployment ID then go back to your query in Statue Message Queries and run your query by selecting it and clicking “Show Messages” (Don’t double click it or you will open the editor!)

Click the “Property Value” and either type in your Deployment ID, or click on “Load Existing” and find it in the dropdown box

Finally, click on Time and choose the appropriate time range.

Your query will now be running and you can refresh (or set an auto-refresh) to see where your deployment is up to!

OSD – Installing Updates to new Machines

Here I’ll walk you through how I use the “Install Software Updates” step in your Task Sequences to allow you to install Software Updates during an OSD deployment of a new machine.

If a machine is already in ConfigMgr, then the step will use the SUG’s already deployed to any collection the machine is already a member of as normal.

To do this, you first need to create a Software Update Group (SUG) that contains all the updates you want to deploy.

I called my “SUG – OSD Updates” and will contain ALL my updates for Server 2016, Windows 10 and any applications

To create the actual SUG I had to open an existing one, select an update and then “Create Software Update Group”.

Then, its a case of going through all your SUGs, opening them up and editing the memberships to include those updates in the new SUG as well as their current one.

Once done, deploy it to the “All Unknown Computers” group as required.

Now, in your TS, create a new group – such as “Software Updates”… near the end of the task sequence so that everything has been installed and configured

Add 2 new steps

Run Command Line – We need this to then do a Software Update scan so add the following command to this step:

Install Software Updates – Now we actually install the updates..

There are 2 options available – Required and Available – these correspond to the deployment type you chose before, so since I used “Required, I will chose that here too.

And that’s all there is to it!  Now, when you next image a machine, the software updates in the SUG you deployed will be installed

Just be warned that this will significantly increase your deployment times.

%d bloggers like this: