Category Archives: Uncategorized

Manage the Network Impact of OneDrive with Intune

You can now manage OneDrive behavior in Intune with the Administrative Templates preview. In Device Configuration under profiles, click create profile, and fill in the required information.

Name: OneDrive config

Platform: Windows 10

Profile Type: Administrative Templates (preview)

Then click on Create to create the profile

Next, expand the new profile and go to Settings. In the search bar, type OneDrive to get the list of OneDrive settings you can configure. To minimize the network impact OneDrive can have when admins are doing Windows 10 migrations, it’s important to enablea few settings.

  1. Files On-Demand – users don’t necessarily want their files, they just want to know they are there. Enabling this setting means they don’t really need to download their entire OneDrive library when they get their shiny new computer. This is also helpful for clearing up disk space without deleting files later.
  2. We all know users are probably going to download their OneDrive library anyway. That’s why you’ll want to set the max download bandwidth (and while you’re at it upload bandwidth), as well as max bandwidth percentage that OneDrive can use overall. 
  3. Do users need to sync their cat photos fromtheir personal OneDrive? Probably, but this is a doggo company, so we need to prevent any rogue cat downloads. This leans a little bit more on the micromanaging admin side of the fence. However, if bandwidth is already a touchy subject, might as well prevent them from syncing their personal accounts. Besides, dogs rule and cats drool.
  4. Prevent OneDrive from generating network traffic until the user signs in to OneDrive, or starts syncing files locally. Seems like a reasonable setting to prevent OneDrive from checking for updates and syncing if it isn’t actually going to be used.
  5. Silently Configure OneDrive using the primary Windows account. This setting has nothing to do with network impact, but it signs in the user on their behalf. Which should reduce helpdesk calls. More time for the dogs to take over 😊
  6. Migrate pre-existing TeamSites with OneDrive Files-On-Demand. This setting keeps already download files. Cheers to eliminating double (or 10x) downloads.

There are other settings worth investigating, such as setting a size threshold that forces users to pick what folders to sync. For more information on the settings, just click it and you’ll see the help file for it.

When you’ve got things configured as you’d like them, don’t forget to deploy the setting to your preferred groups.

Happy Thanksgiving – 2018 Edition

Hey friends, family, tweeps, and supporters. First off, Happy Thanksgiving. I hope that wherever you are in the world, and whether or not you celebrate actual Thanksgiving, that you know you are loved and appreciated. I have a lot to be thankful for this year – I’ve moved into the beautiful new home that I built.

I am going to be making some personal changes, some of which I alluded to with a tweet not too long ago. Fam, it’s 2018 (soon to be 2019). Traveling the globe is getting old and it’s super disruptive, not to mention extremely expensive.

Traveling to conferences means finding care for the dogs, horses, and boy. This tends to get a little ridiculous in the cost and planning department. It also impacts my son quite a bit as he has to go live with somebody else (family at least) for 8-10 days. He’s going to be officially starting Kindergarten so regular school attendance is going to be mandatory for the next 13 years. I know for every parent/child care taker reading this/watching this that I’m preaching to the choir .

In 2019, I plan to travel to exactly three conferences: MMS, Blackhat, and Ignite (which I realize is three more than most people get to go to). I will be focusing more on the local user group I’ve co-founded with some cool people, as well as online community efforts such as MVP Days (if they will have me), webinars, and Deployment News. While you can’t beat the networking you get by physically attending conferences, I think it’s worth exploring how to maximize virtual networking to help everybody stay in the loop without spending an insane amount of money and losing an insane amount of time going to a conference.

As for blogs – is where you’ll find general posts like these in addition to more Intune focused topics. The 2Pint blog is where you’ll find all the super cool stuff my team is posting about all things network related. Also, don’t forget to checkout the Deployment News Newsletter signup as we are looking forward to getting the newsletter rolling.

Happy day and remember – don’t try to deep fry a frozen turkey!


Links mentioned:

TechMentor Orlando

My blog

2Pint Blog

Newsletter Signup

Customizing Intel NUC BIOS with Intel Integrator Toolkit

I’ve noticed that the newer models of NUCs that I’m purchasing (specifically the NUC7i7BNH) ship with a 12 character serial number populated in BIOS. A while back, I wrote a post about how to add it should it be missing. The utility used in that post is no longer available for download, and the last time I used it, the NUC  bricked, so I set off to find a new tool to interact with NUC BIOS. Enter the Intel Integrator Toolkit.

This is a really pretty picture, strategically placed to reduce your disappointment that you will encounter in the next paragraph 🙂

Now, don’t get mad at me, but to use the Intel Integrator Toolkit, you have to disable Secure Boot to turn on the “Internal UEFI Shell” feature (which isn’t something you should leave on because it requires a keystroke to quit before it interrupts normal boot into Windows). I’m not really fond of tools that not only provide little automation in the end, but that also require you to turn off security features just to use it. Especially when you can manipulate BIOS properties of other major PC vendors from within Windows and it can be automated and distributed via a sequence engine and leave Secure Boot turned on.


Look, I have no idea what they were thinking. I’m just as confused as you.

Now on to the purpose of this post:

If you want to use the Windows Autopilot Script on your Intel NUCs, you’re in for some failure if the serial number is missing on account of the script requires a serial number 🙂

So, to fix it in a scenario where you want to add/change/remove/whatever a serial number or other bios properties, you need to:

  1.  Download the Intel Integrator toolkit (which is a .EFI file and some documentation)
  2. Format a USB drive in FAT32
  3. Copy the .EFI file from the download to your formatted USB drive
  4. Disable Secure Boot
  5. Enable Internal UEFI Shell

Now to manipulate the Serial Number property, simply boot into the Internal UEFI Shell (if it’s enabled in BIOS, it will give you a few seconds to cancel out of before it interrupts the normal Windows boot process, so best not to leave this turned on outside of this scenario).

To edit the serial number use the following syntax:

ITK6.efi –s –t system –f serial –v mySerial

Where “mySerial” is the serial number you want to enter. The -s, -t -f are flags that drill specifically to the Serial Number property. Full documentation on how to use the switches is in the guide that ships with the toolkit.

Here’s a list of customizations you can do with v 6.1.6 of the toolkit:


Product Name

Serial Number

SKU Number


Asset Tag

Chassis Type

OEM String (up to 3)




Create Local User Based on Serial Number

If you ever find yourself wanting to create a local user based on something super specific (like Serial Number) then this post is for you.

First you need your script:

#Created by Ami Casto Twitter:@MDTPro Blog:
#This script will create a local user account based on Serial Number, set the password to never expire, prevent user from changing the password, and add it to the Local Admin Group
#Make it all clean - this could be commented out if unwanted
$Error.clear() # Clear errors
#Queries Win32_Bios for Serial Number and pulls out the serial number to return it on a single line which gets captured as a variable
$SN = gwmi win32_bios | Select-Object -Expandproperty SerialNumber
# $SN now equals the hardware's Serial Number and this variable is used to create a user account, set a password, and prevent that user from changing it
net user $SN P@ssw0rd /add /passwordchg:no
#This step sets the password to never expire
wmic useraccount where "name='$SN'" set passwordexpires=false
#This step adds the newly created account to the Local Admin group
net localgroup administrators $SN /add

Just copy/paste and save it as user.ps1 in the Scripts folder.

In MDT, open your preferred task sequence and create a new group where you would like the step to go.  Since this account is a local user and won’t be able to access anything specific to the deployment anyway, I’m adding the account near the end.

I've added the PowerShell script in a group I created for this step.

I’ve added the PowerShell script in a group I created for this step.

Notice that I call on it this way %SCRIPTROOT%\user.ps1 .  You could create a separate folder within the scripts folder, but you’ll have to remember to include that in the path as well, otherwise your deployment will fail.

And, Success!


It worked as expected – the user account matches what’s in the Serial Number property.

Disclaimer: It is very important that you pick a property that is short and doesn’t have special characters.  So I wouldn’t do this on a VM for example, I’d pick something from win32_bios such as model.

If you want to make this work on a Intel NUC, then you need to read my post about how to assign a Serial Number for your NUC.

Uninstall String for Autodesk Content Service 2016

Autodesk Content service (Especially 2016) isn’t playing nice in my environment.  If you’re in a BIM environment and you’re seeing a lot of strange things happen in Office (think ghost actions 🙂 ) I recommend uninstalling it.  You’ll see the same trends in Event Viewer as pictured below.

Event 7031 Service Control Manager

These 3 errors will appear together in the Applications node of Event Viewer

Event ID: 0 Autodesk Content Service

Event ID 1026 .NET Runtime

Event ID: 1000 Application Error


From admin prompt:

msiexec /x {A37CDB58-AAE8-0000-8C13-E0F7BACB0D5F} /quiet