Configure Group Policy ADMX ADML WMI Filter for Windows 10 ConfigMgr SCCM

Let’s discuss the Configure Group Policy ADMX ADML WMI Filter for Windows 10 ConfigMgr SCCM. Microsoft released Administrative Templates (.admx) for Windows 10 Fall Creators Update (1709).

Group Policy tools use Administrative template files to populate policy settings in the user interface.

This allows administrators to manage registry-based policy settings. In this post, we will see “Configure ADMX ADML WMI Filter for Windows 10 1709 Devices.” We are still waiting for the Windows 10 1802 admx file.

The ADMX files contain the technical information for the settings, such as the registry critical path and values set for Windows 10 1709. The ADML had the language-specific displayed text when you went into the Group Policy Management Console to edit real GPOs.

What are ADMX and ADML Files? Configure Group Policy ADMX – Configure Group Policy ADMX ADML WMI Filter for Windows 10 ConfigMgr SCCM

Redstone 3,” or RS3) ADMX files should be copied to the “C:\Windows\PolicyDefinitions” folder. The ADML files are language-specific files, and they should be copied to the “C:\Windows\Policy Definitions/En-US” folder if you have only En-US machines.

Configure Group Policy ADMX ADML WMI Filter for Windows 10 ConfigMgr SCCM - Fig.1
Configure Group Policy ADMX ADML WMI Filter for Windows 10 ConfigMgr SCCM – Fig.1

Group Policy Errors After ADMX File Import

I received the following error when I copied Windows 10 1709 ADMX files should be copied to the “C:\Windows\PolicyDefinitions” folder. But I didn’t copy ADML files to  “C:\Windows\ Policy Definitions/En-US“.

An appropriate resource file could not be found for the file C: Windows\PolicyDefinitions\AdmPwd.admx (error=2): The system cannot find the files specified.

Configure Group Policy ADMX ADML WMI Filter for Windows 10 ConfigMgr SCCM - Fig.2
Configure Group Policy ADMX ADML WMI Filter for Windows 10 ConfigMgr SCCM – Fig.2

How to Configure Windows 10 Related ADMX ADML WMI Filter

The issue was resolved after the ADML file was sent to the respective language folder, as mentioned below.

Configure Group Policy ADMX ADML WMI Filter for Windows 10 ConfigMgr SCCM – Video 1

What are WMI Filters – Group Policy Management

I’m not a big fan of using WMI filters to apply Group Policies to Windows 10 devices. However, WMI Filters can help when using certain policies based on special characteristics of instruments like Operating System version, network configuration, or other criteria.

The MOF files can be imported into the group policy management tool to create WMI filters. However, I would deploy MDM policies to Windows 10 devices using SCCM or Intune. The video tutorial provides more details.

WMI Filters
Internet Explorer 11
Configure Group Policy ADMX ADML WMI Filter for Windows 10 ConfigMgr SCCM – Table 1
Configure Group Policy ADMX ADML WMI Filter for Windows 10 ConfigMgr SCCM - Fig.3
Configure Group Policy ADMX ADML WMI Filter for Windows 10 ConfigMgr SCCM – Fig.3

Resources

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

How to Create SCCM Windows 10 Upgrade Task Sequence Configuration Manager ConfigMgr

How to Create SCCM Windows 10 Upgrade Task Sequence Configuration Manager ConfigMgr. SCCM offers methods for upgrading existing Windows 10 devices to the newest version of Windows 10 1709, the Windows 10 Fall Creators Update.

One way to upgrade Windows 10 is using the “Windows 10 servicing” option in SCCM CB 1706. The other way is using the method I will explain in this post. This post will see “How to Create SCCM Windows 10 1709 In-Place Upgrade Task Sequence.”

Let’s understand what an SCCM Task Sequence is. A task sequence performs multiple steps or actions on a client computer at the command line level without user intervention.

Select the type of task sequence to create. A task sequence template (provided by default) is offered to upgrade the Windows 10 operating system to the latest version.

How to Create SCCM Windows 10 Upgrade Task Sequence Configuration Manager ConfigMgr

How to Create SCCM CB Task Sequence to Upgrade Windows 10 1709. There are methods in SCCM to upgrade existing Windows 10 devices to the newest version of Windows 10 1709.

The latest version of Windows 10 1709 is called Windows 10 Fall Creators Update. One way to upgrade Windows 10 is using the “Windows 10 servicing” option in SCCM CB 1706.

How to Create SCCM Windows 10 Upgrade Task Sequence Configuration Manager ConfigMgr – Video 1

How Do You Create a Windows 10 OS Upgrade Package in SCCM?

Before creating the Windows 10 upgrade task sequence, let’s complete the prerequisite: create a Windows 10 operating system upgrade package. Navigate via SCCM CB console—Software Library workspace, right-click the Operating System Upgrade Packages node, and select Add Operating System Upgrade Package.

Browse the data source for the operating system upgrade package. Specify the operating system upgrade package. Provide the Windows 10 1709 Enterprise x86 or x64 binary network share location. Select the Windows 10 architecture and the base language.

  • On the next page, enter the name of the Windows 10 1709 upgrade package. That’s it; you’re done.
How to Create SCCM Windows 10 Upgrade Task Sequence Configuration Manager ConfigMgr - Fig.1
How to Create SCCM Windows 10 Upgrade Task Sequence Configuration Manager ConfigMgr – Fig.1

How to Create Windows 10 in-place Upgrade Task Sequence

Navigate via SCCM CB console – Software Library workspace – right-click the Task Sequences node, then select Create Task Sequence. On the Create a new task sequence page, select Upgrade an operating system from the upgrade package and click Next.

Enter the name of the Task sequence—Windows 10 1709 Enterprise Upgrade. Upgrade the wizard’s Windows operating system page. As a first step, you must select the Windows 10 1709 upgrade package we created. The wizard will list all the available Windows 10 editions as part of the upgrade package.

How to Create SCCM Windows 10 Upgrade Task Sequence Configuration Manager ConfigMgr - Fig.2
How to Create SCCM Windows 10 Upgrade Task Sequence Configuration Manager ConfigMgr – Fig.2

Select the Windows 10 1709 Edition – Enterprise x64 

With this upgrade task sequence, I plan to upgrade the Windows 10 Enterprise version to the latest one called Fall Creators Update (1709 – RS3). Also, you can enter licensing details if you have any. Otherwise, you can use the KMS server to activate Windows after the upgrade (Whenever required).

Select the Software Updates that Should Be Installed 

If you already have an enterprise version of Windows 10 1703, it won’t ask for activation again (after the 1709 upgrade). In the “Include software updates” page of Create Task Sequence, we have 3 options.

Select the Software Updates that Should Be Installed Details
Required for installationMandatory software updates only
Available for installationAll Software Updates
How to Create SCCM Windows 10 Upgrade Task Sequence Configuration Manager ConfigMgr – Table 1
  • Required for installation – Mandatory software updates only
  • Available for installation – All Software Updates
  • Do not install any software updates.

On the next page, we can select the applications to be installed as part of the Windows 10 1709 upgrade process. I have added Mozilla Forex to the Windows 10 1709 in-place upgrade.

How to Create SCCM Windows 10 Upgrade Task Sequence Configuration Manager ConfigMgr - Fig.3
How to Create SCCM Windows 10 Upgrade Task Sequence Configuration Manager ConfigMgr – Fig.3

Overview SCCM CB Windows 10 in-Place Upgrade Task Sequence

There are 5 groups in the Windows 10 Enterprise 1709 Upgrade task sequence. Prepare for Upgrade is the first stage, where it will analyze the machine to determine whether it’s eligible for a Windows 10 1709 upgrade. Enough disk space and memory are available on the device.

Upgrade the operating system is the task sequence group where the actual in-place upgrade of Windows 10 1709 will happen. Post-installation is the stage where we set the installation of the packages or applications.

One group missing in the video tutorial is the Software Update group or task. The last and final group of this Windows 10 1709 upgrade task sequence is for rollback. This action will take place when the upgrade is failed.

  • Success: The task sequence has been created successfully.  
  • Success: Create a new task sequence – • Name: Windows 10 Enterprise Upgrade  
  • Success: Upgrade the Windows operating system – • Installation source media:  Win10  en-US• Edition index: 3  
  • Success: Include software updates• Install software updates: Do not install any software updates  
  • Success: Install applications• Install the application: Mozilla Firefox (ach)• If an application installation fails, continue installing other applications in the list: No
How to Create SCCM Windows 10 Upgrade Task Sequence Configuration Manager ConfigMgr - Fig.4
How to Create SCCM Windows 10 Upgrade Task Sequence Configuration Manager ConfigMgr – Fig.4

Reference

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

How to Delete Windows.OLD Folder from Windows 10 Device

Don’t try to delete Windows.OLD folder from Windows 10 device via Windows Explorer. You won’t be able to remove Windows. Old folder via Windows Explorer.

I have tried to delete this folder via Windows Explorer many times but have never succeeded. In this post, we will see the method for Deleting the Windows.OLD Folder from a Windows 10 Device.

The Windows.OLD folder is where the previous installation Windows version is stored. It is created when we upgrade from one version of Windows 10 to another.

For example, when you perform an in-place upgrade of Windows 10 1703 to Windows 10 1709, the Windows.OLD folder will be created.

How to Remove Clean Delete Window.OLD Folder from Windows 10 Machine

In this post, you will get all the details on how to delete Windows.OLD folder. Free up C drive space. Don’t try to delete by right-clicking on Windows.OLD folder and delete. It won’t work very well.

How to Delete Windows.OLD Folder from Windows 10 Device – Video 1

What is there in Windows.OLD Folder?

I will give you the answer to this question depending on your answer to the following question: Are you planning to restore the device’s previous version of Windows 10?

How to Delete Windows.OLD Folder from Windows 10 Device - Fig.1
How to Delete Windows.OLD Folder from Windows 10 Device – Fig.1

Is it Safe to Delete Windows.OLD Folder from Windows 10 Device?

For example, If you have upgraded to Windows 10 1709 and want to restore the previous version of Windows 10 (1703), In this scenario, you need to have the Windows.OLD folder. Otherwise, you won’t be able to restore your device to the previous version of Windows 10.

How to Free up More Space in the C Drive of a Windows 10 Machine?

Check whether you have a folder named Windows.OLD in C drive. If so, you can remove or delete that Windows.OLD folder to get more free space on your C drive. You should get around 25 GB of free space on your Windows 10 machine’s C drive.

How to Delete Windows.OLD Folder from Windows 10 Device - Fig.2
How to Delete Windows.OLD Folder from Windows 10 Device – Fig.2

How to Clean-up / Delete / Remove Windows.OLD Folder from Windows 10 Device?

Open Windows Explorer, Click “This PC,” Right-click on the C drive, and go to properties. In the properties of the C drive, click the Disk Cleanup button.

Disk Cleanup doesn’t have an option to delete the previous installation of Windows 10, so the “previous installation of Windows” option doesn’t appear in the Disk Cleanup option.

Windows.OLD folder contains the System Files of Windows 10. Hence, we need to click on the “Cleanup System Files” button to get the option to delete Windows.OLD folder. Select “Previous Windows Installation(s)” to free up 22.2 GB of space on the C drive. Click on the OK button to start deleting the Windows.OLD folder from the C drive.

How to Delete Windows.OLD Folder from Windows 10 Device - Fig.3
How to Delete Windows.OLD Folder from Windows 10 Device – Fig.3

Will Windows Automatically Delete the Windows. Old Folder?

Windows won’t delete the Windows old folder. I tested this on my production machine after the Fall Creator Update of Windows 10. The content of Windows. The old folder has been removed, and the folder is zero sizes, but the Windows. The old folder is still present.

Do you want to delete the folder manually? There is no need to do that because it is not beneficial. Per my testing, this clean-up action occurred 11 days after the folder’s creation date.

Windows .old PropertiesDetails
Contains0 Files and 673 Folders
Created 19th October 2017
How to Delete Windows.OLD Folder from Windows 10 Device – Table 1
How to Delete Windows.OLD Folder from Windows 10 Device - Fig.4
How to Delete Windows.OLD Folder from Windows 10 Device – Fig.4

More details about the programmatic way to remove WIndows.OLD is explained here.

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

Security Compliance Manager SCM Installation Video Configuration Manager

Let’s discuss the Security Compliance Manager SCM Installation Video Configuration Manager. Security Compliance Manager (SCM) provides security baseline management for organizations.

This post will see the Security Compliance Manager Installation Video Guide. SCM helps accelerate your organization’s ability to manage the security and compliance process efficiently.

SCM is mainly used to set up Microsoft technologies ‘security and compliance baselines. It includes support for Server Operating Systems, Client Operating Systems, IE, Office, Exchange, and Microsoft MCS USGCB (United States Government Configuration Baseline). The Security Compliance Manager Installation Video helps to install and configure SCM v4.

SCM 4.0 supports Windows 10 and Server 2016 baselines and bug fixes. SCM enables you to quickly configure and manage computers and your private cloud using Group Policy and SCCM.

Microsoft Visual C++ 2010 Redistributable, .NET Framework 3.5, and SQL Server 2008 Express got installed during SCM installation. This software is a prerequisite for SCM.

Security Compliance Manager SCM Installation Video Configuration Manager

We need to install .NET Framework 3.5 on Windows 10 machines as it comes with .NET Framework 4.0 version. There is some surprising news about the future of SCM releases from Microsoft at the bottom of this post.

Microsoft Security Compliance Manager SetupStatus
SQL Server ExpressInstalling
Microsoft Security Compliance ManagerInstalling
Security Compliance Manager SCM Installation Video Configuration Manager – Table 1
Security Compliance Manager SCM Installation Video Configuration Manager - Fig.1
Security Compliance Manager SCM Installation Video Configuration Manager – Fig.1

SCM V4 Installation and Importing of Default Baselines

The first step after installing SCM is importing all the default baselines to the database. Default baselines are Windows 7, Windows 2012, Exchange, and Internet Explorer.

The Windows 10 and Server 2016 baselines will not be automatically imported to the SCM DB. We must manually import the Windows 10 1607, Server 2016, and Server 2012 R2 baselines to the SCM DB.

Security Compliance Manager SCM Installation Video Configuration Manager - Fig.2
Security Compliance Manager SCM Installation Video Configuration Manager – Fig.2

Download Windows 10 1607 Baseline

From the SCM V 4.0 version home page, we can select “Download Microsoft Baseline automatically” to download and import the Windows 10 1607 baseline.

This is explained in the video tutorial. Windows 10 1607 Security compliance baseline contains BitLocker Security, Computer security compliance, Credential guard security, Domain security compliance, and user security compliance.

Security Compliance Manager SCM Installation Video Configuration Manager - Fig.3
Security Compliance Manager SCM Installation Video Configuration Manager – Fig.3

Define Security Policy for your Organization

Windows 10 1607 domain security compliance 1.0 has many critical severity settings. This page of SCM shows us the default values of Windows 10 1607 and gives us Microsoft’s recommended value for each security setting. This baseline has two segregations: account lock and password attribute.

If I take an example of “Password attributes” –> Minimum Password age, there are 3 values 1. Default 2. Microsoft and 3. Customized. For example, the values of the Microsoft column in the Windows 10 1607 baseline are the ones I would like to implement as security policies for an organization.

Security Compliance Manager SCM Installation Video Configuration Manager - Fig.4
Security Compliance Manager SCM Installation Video Configuration Manager – Fig.4

References

Security Compliance Manager (SCM) retired; new tools and procedures

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

How to Enable Bitlocker on HyperV and Handle Error Device Cannot Use a Trusted Platform Module

How to Enable Bitlocker on HyperV and Handle Error Device Cannot Use a Trusted Platform Module? Do you use virtual Windows 10 machines to test the Intune and SCCM policies?

Have you tried to enable BitLocker in a HyperV/VMware virtual machine? Did you ever receive the following error while you tried to enable BitLocker on Windows 10 Virtual Machines?

This Device Can’t Use a Trusted Platform module. Your administrator must set the “Allow Bitlocker without a compatible TPM” option for OS volumes in the “Required additional authentication at startup” policy.

The video below provides a more detailed demonstration. This post helps you show more details about enabling Bitlocker on HyperV and handling error devices that cannot use a trusted platform module.

How to Enable Bitlocker on Hyper V Windows10 Virtual Machine

The video demonstrates resolving the error message “This Device Can’t Use a Trusted Platform Module. Your administrator must set the ‘Allow BitLocker without a compatible TPM’ option in the ‘Require additional authentication at startup’ policy for OS volumes.”

How to Enable Bitlocker on HyperV and Handle Error Device Cannot Use a Trusted Platform Module – Video 1

How to Enable Bitlocker on HyperV and Handle Error Device Cannot Use a Trusted Platform Module

Let’s discuss how to enable Bitlocker on HyperV and handle the error device that cannot use a trusted platform module. The screenshot below shows the error message “This device can’t use a Trusted Platform Module.

Your administrator must set the ‘Allow BitLocker without a compatible TPM‘ option in the ‘Require additional authentication at startup’ policy for OS volumes.”

How to Enable Bitlocker on HyperV and Handle Error Device Cannot Use a Trusted Platform Module - Fig.1
How to Enable Bitlocker on HyperV and Handle Error Device Cannot Use a Trusted Platform Module – Fig.1

How to Enable Bitlocker on HyperV

BitLocker will be automatically enabled on modern instant-go devices like Surface Pro 3, Surface Pro 4, etc. However, for other Windows 10 devices, each user needs to enable BitLocker via another method. BitLocker can be enabled using Windows 10 MDM policies, Group Policies, SCCM Policies, etc.  

All the above BitLocker enablement process is more or less straightforward. However, enabling BitLocker on Windows 10 virtual machines is not straightforward. When we try to enable BitLocker from “This PC” or “Control Panel.” 

The user needs to enable the following group policy (GPEDIT.MSC) on the Windows 10 VM to eliminate the TPM error while enabling the BitLocker.

Enabling Group Policy to Resolve TPM Error for BitLocker on Windows 10 VM
Local Computer Policy –> Computer Configuration –> Administrative Template –>
Windows Components –> Bitlocker Drive Encryption –> Operating System Drives –> Require additional authentication at startup –> ENABLE
 
How to Enable Bitlocker on HyperV and Handle Error Device Cannot Use a Trusted Platform Module - Fig.2
How to Enable Bitlocker on HyperV and Handle Error Device Cannot Use a Trusted Platform Module – Fig.2

Another important option in the BitLocker enablement process is saving the recovery key. We have four options for saving the BitLocker key: save to your Microsoft accounts, save to a USB flash drive, save to a file, or print the recovery key. How to Enable BitLocker on HyperV and Handle Error Device CanNot Use a Trusted Platform Module.

How to Enable Bitlocker on HyperV and Handle Error Device Cannot Use a Trusted Platform Module - Fig.3
How to Enable Bitlocker on HyperV and Handle Error Device Cannot Use a Trusted Platform Module – Fig.3

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

How to Download the Latest Version of Windows 10 ISO

This is a quick post and video about “How to Download the Latest Version of Windows 10 ISO.” There are three methods for downloading the Windows 10 anniversary update (1607).

How to download Windows 10 ISO? Login to TechNet Evaluation Center with Hotmail/Outlook/Live ID and Download Free Windows 10 ISO – Enterprise version. This evaluation is to test Windows 10 1607 for free for 90 days.

How to download Windows 10 ISO 1607 Anniversary update from MSDN? Login to the MSDN Subscriptions Center (for Visual Studio/MSDN subscribers) from here and download the Windows 10 ISO.

In this post, you will find all the details on how to Download the Latest Version of Windows 10 ISO.

How to Download the Latest Version of Windows 10 ISO - Fig.1
How to Download the Latest Version of Windows 10 ISO – Fig.1

How to Download Windows 10 ISO 1607 Anniversary Update from VLSC? – How to Download the Latest Version of Windows 10 ISO

You can log in to the Volume Licensing Service Center (for Volume License customers) from here and download the Windows 10 ISO.

If you already use Windows 10 1511, you can get the updated version from Settings –> Update and Security. How do you download Windows 10 Anniversary Update 1607 for your home machines? How do you Download the Latest Version of Windows 10 ISO?

Download the Latest Version of Windows 10 ISO
Download Windows 10, version 1607 update from Windows Update or Windows Update for Business.
If updates are not appearing on your Windows 10 machine, use the Windows 10 Update Assistant utility.
Download Link
How to Download the Latest Version of Windows 10 ISO – Table 1

SCCM Related Posts Real World Experiences Of SCCM Admins

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.