How to deploy desktop wallpaper and lock screen image to domain joined windows 10 laptops using GPO – For PCs connected via VPN and also for PCs in office LAN

Requirement: I got a request from client to deploy their organization wallpaper and lock screen image across all the domain joined workstations. Domain joined workstations also include the laptops which are not in office but connect via VPN. I have created one GPO which covers both the scenarios. Its a tested policy which is working fine on the target systems / users. Let me share the policy details which can save some time for you if you get a similar request. For Domain joined PC’s which are not in the office and connect occasionally via VPN –> I have used wallpaper.bat file which is copied on users desktop and i …

Read more

How to Uninstall different versions of WinZip software installed on Windows 10 system using Microsoft Intune

Requirement: I got the requirement from one of our client to uninstall WinZip software from all users PCs. There were different versions of WinZip installed on the systems. I have targeted WinZip 24.0.14033 and WinZip 24.0.13650 and i will show you how to uninstall these two versions by creating MS Intune Windows App (Win32) App Package. I will also show you how you can uninstall WinZip versions other than the one’s given above. Let’s start —> Check the WinZip software version on target machine on which you want to remove the software and try to find the WinZip MSI file matching this version number. If you are unable to find …

Read more

Deploy and manage custom favorites to Microsoft Edge on Windows 10 devices using Microsoft Intune

First step is to create favorites in below format. You can customize it as per your requirement to include Intranet Pages or Internal Web Portal URL. Below favorites text format will be used when you will create a Policy to configure Favorites for Microsoft Edge. Please make sure URL and name is in quotes. You can simply copy below text and modify as per your need. Change the toplevel_name value to change the Root Level Folder Name which contains all the favorites. Once you have created favorites in a text file in above format. We will now proceed on configuring it / Pushing it to users workstations. Login on Microsoft …

Read more

How to unjoin a Hybrid Azure AD joined device

Background: Recently I came across an issue where a Citrix VDA’s version 1912 CU2 was joined to Azure as Hybrid Azure AD Join Device which was not allowing users to launch applications. As soon as someone would launch an application, VDA state was getting changed to Unregistered state. We have used Azure AD Connect Wizard to configure all domain joined devices to join to Azure AD which will make them Hybrid Azure AD joined device on Azure. After spending hours to investigate on this issue and also rebuilding the Citrix VDA’s. This issue was persistent. We have decided to remove Citrix servers from azure active directory to fix this issue. …

Read more

Configure team site libraries to sync automatically using Microsoft Intune / Endpoint Manager

You can manually sync a Sharepoint teams site library to your windows 10 system by accessing the Sharepoint teams site library and clicking the Sync button. However, If there is a default internal library which you want all users to use and sync it to their systems. Its easier to configure a policy to automatically sync it on users systems rather than each user access the library via web browser and clicking on sync button. OneDrive Files On-Demand Must be enabled. Applies only for users on computers running Windows 10 (1709) Fall Creators Update or later. Do not enable this setting for the same library to more than 1,000 devices. …

Read more

Install Microsoft 365 Apps for Enterprise in Shared Computer Activation Mode on Windows Virtual Desktop / Citrix Server / Terminal Servers

office 365

Shared computer activation lets you deploy Microsoft 365 Apps to a computer in your organization that is accessed by multiple users. Shared computer activation is required for scenarios where multiple users share the same computer and the users are logging in with their own account. Normally, users can install and activate Microsoft 365 Apps only on a limited number of devices, such as 5 PCs. Using Microsoft 365 Apps with shared computer activation enabled doesn’t count against that limit. For more information, you can check the link on Microsoft Docs: Overview of shared computer activation for Microsoft 365 Apps. Download Office Deployment Tool Double-click the downloaded file to launch. Accept …

Read more

External Users / Guests are able to bypass lobby – Microsoft Teams meeting

Microsoft Intune

Even after setting Automatically admit people to “Everyone in your organization and federated organizations” and Allow dial-in users to bypass the lobby to Off in the meeting policy, External Users or guests are able to bypass the lobby and are able to join the meeting straight through. I had to open a ticket with Microsoft after one week of troubleshooting and finally found the root cause of this and fixed it for the client. Hope this will help you too if you are facing a similar issue where third party vendor or external guest users are able to bypass the lobby even though the meeting policy is configured correctly. Below …

Read more

How to uninstall expressvpn application from Windows 10 systems using Microsoft Intune

Intune

Some of the apps are pre-installed with Windows 10 and not required by the end user. Therefore, these applications need to be removed. expressvpn 7.12.1.4 is one of the application. The below steps can be followed to uninstall any version of expressvpn installed on windows 10 systems. expressvpn app is not available from Microsoft store for business, therefore it cannot be synced from Microsoft Store for Business portal to Endpoint manager and target for un-installation. We need to create a Win32 app package to uninstall this app. Below process of uninstallation can be followed for applications other than expressvpn as well, just check the silent install / uninstall switches for …

Read more

The System administrator has set policies to prevent this installation

The System administrator has set policies to prevent this installation

I received an error while installation of an application with .msi extension. “The System administrator has set policies to prevent this installation“. Below screenshot is popped up from windows installer, even though i am logged on to the PC using local administrator credentials. Solution Right Click on Enforcement and click Properties. Select “All users except local administrators“. Click on OK to exit.

Deploying MSI Application on Windows 10 workstations using Microsoft Intune

Intune

There are numerous ways to deploy an app on Windows 10 workstation. I will be deploying an application using MSI Installer provided by the vendor. Download the application MSI Installer file from the Vendor web site and follow below process to deploy it on the target computers. I will be using Line of Business apps Deployment method of Microsoft Intune for this deployment. Line-of-business (LOB) apps and Microsoft Store for Business apps are the app types supported on Windows 10 devices. The file extensions for Windows apps include .msi, .appx, and .appxbundle. 1. Login to Microsoft Endpoint Manager admin center (https://endpoint.microsoft.com). 2. Go to Apps -> All Apps -> click …

Read more