- Navigate to: HKEY_LOCAL_MACHINE # SOFTWARE # Microsoft # Windows # CurrentVersion # Policies # System.
- Create a new DWORD 32-bit value called LocalAccountTokenFilterPolicyDouble.
- Give the new key a value of 1.
Note: No restart required, worked immediately for me.
Scenario
Problem
- Noticed in the SCCM Admin Console that all the domain-connected clients were ‘waiting approval’ even though he Hierarchy Settings were correctly configured to automatically approve computers in trusted domains (right-click the Sites node under Site Configuration in the Administration workspace).
Root Cause
- IIS on the Management Point did not have Windows Authentication enabled.
Solution
- Enable Windows Authentication in IIS and restart all affected client agents.
Note: Check all SCCM virtual directories have Windows Authentication enabled once enabled at server level.
Scenario
Problem
- Only User and Machine Policy Evaluation actions shown in Control Panel on all clients.
Root Cause
- IIS on the Management Point did not have Windows Authentication enabled.
Solution
- Enable Windows Authentication in IIS and restart all affected client agents.
Note: Check all SCCM virtual directories have Windows Authentication enabled once enabled at server level.
SCCM 2012 and newer versions include some Endpoint Protection templates containing predefined settings for different types of systems such as SQL Server and Exchange.
The templates are storage in the ..\Microsoft Configuration Manager\AdminConsole\XmlStorage\EPTemplates.
Additional templates can be found here: https://gallery.technet.microsoft.com/System-Center-Endpoint-65917b04/view/Discussions.
The templates are imported using the SCCM Admin Console as follows:
- In the admin console, navigate to \Assets and Compliance\Overview\Endpoint Protection\Antimalware Policies.
- Right-click Antimalware Policies and select Import.
- Browser to the folder stated above and choose the appropriate template.
Trying to vMotion a VM and it failed with the following error:
A general system error occurred: PBM error occurred during PreMigrateCheckCallback: No connection could be made because the target machine actively refused it.
Easy fix – ensure the Profile Driven Storage service is running on the vCenter server – in my case I had disabled it in an attempt to save resources on the vCenter server and I did not think I was using Profile Driven Storage functionality – so I thought!
Real world sys admin – getting the job done without the need to stroke your own ego