About the author

Mattias Benninge


New and removed built in apps in Win11 22H2

By Mattias Benninge / September 22, 2022

This is a short post where the built-in appx and FOD (feature on demand) packages are compared to the ones in the original Windows 11 21H2 release. The Enterprise version of Windows 11 was used to make the comparison. The built-in appx packages and FODs are documented by Microsoft here: https://learn.microsoft.com/en-us/windows/application-management/provisioned-apps-windows-client-os and https://learn.microsoft.com/en-us/windows/application-management/system-apps-windows-client-os At […]


Using PowerShell to download Edge Chromium for Business

By Mattias Benninge / July 2, 2020

In Microsoft Endpoint Configuration Manager you can create an Edge Application using a Wizard that will download the latest (or a specific) version. There is also an option to have the browser auto-update itself once it is installed. However, once this package is created it will always install the version […]


Microsoft Endpoint Manager Documentation and Export tool

By Mattias Benninge / February 16, 2020

I have just published a tool (PowerShell script) on GitHub to create a comprehensive documentation of a tenant and also export all settings in JSON format that can also be used for importing settings again in the same tenant or even another. This can be very useful in a scenario where there is a DEV-tenant […]


SemiAutomate Onboarding Devices to Windows Autopilot

By Mattias Benninge / February 2, 2020

This solution is for devices that have already been bought or for lab/test scenarios to simplify the onboarding process. When planning on going into production the devices that are bought should already be enrolled into your tenant by your hardware vendor. A list of vendors that support Autopilot can be found here: Link. This solution […]


Verify HTTPS enabled CM Management Points with PowerShell

By Mattias Benninge / January 14, 2020

On a normal Management point it is pretty straightforward to test if the management point is working by browsing to these addresses: http://<mp_server_name>/sms_mp/.sms_aut?mplist and http://<mp_server_name>/sms_mp/.sms_aut?mpcert. But if you try to do that on a HTTPS-enabled management point as a normal user you will get an access denied error. This is because the CM client uses […]


Create a Maintenance Window in ConfigMgr with an offset from patch Tuesday

By Mattias Benninge / January 11, 2018

So it's that time of year again where it is time to create all those Maintenance Windows for your patch groups. If you are like me and don’t want to do them on actual patch Tuesday (not that Microsoft ever had any issues with their patches, right?) you might miss an option in ConfigMgr to create the MWs with an offset based on patch Tuesday. The reason you might want this is that sometimes the second Wednesday comes before the second Tuesday of the month.


Command line options for Software Center

By Mattias Benninge / September 7, 2017

In SCCM CB 1706 there is a new feature that allows you to link directly to an application in Software Center by pasting a link into your browser. This can be achieved by clicking the “Share” icon when you have chosen the application you want to link to.


PSScriptPolicyTest script gets blocked by AppLocker in the event log. Why and what are those files?!

By Mattias Benninge / June 7, 2017

If you are using AppLocker (which you should) and have enabled the function “MSI and Scripts” in AppLocker to whitelist only signed PowerShell scripts, you will get some errors in the event log even though your scripts are signed. Checking the event viewer log for AppLocker events you will see that the logged-on user tried to run 2 different scripts starting with __PSScriptPolicyTest and the extensions .ps1 and .psm1. The full name is something like __PSScriptPolicyTest_bavjba32.xjg.ps1 where the name is __PSScriptPolicyTest_..ps1/psm1


Using File Screen to block Ransomware like WannaCry on server shares – Part 1

By Mattias Benninge / May 29, 2017

There has been a lot of talk of the WannaCry malware the last couple of weeks and I will try to describe how you can add another layer of security between an infected computer and your central file storage. There are already a few write-ups within this area, most of them only use the File Screen service to block users from creating new files with known extensions or renaming existing ones. This is a good start but it does not actually prevent the user (or the malware running in user context) from deleting all the files on your servers.