Import boot image drivers from existing boot image

With the new “Current Branch” model of ConfigMgr and Windows 10 we can expect a faster release cycle of the ADK, which means new boot images pretty regularly!   Creating new boot media is really simple.  However, reimporting all of your required drivers into that boot image can be a real chore.  Here is a script that that identifies the drivers in a source boot image and imports them into a destination image.  This should reduce time to create usable boot media significantly.  Give it a spin and give me some feedback.

The script can be found here .

Usage –


“Mfc120u.dll is missing from your computer” when viewing Status Message Queries in ConfigMgr Console

When trying to view status message queries from the ConfigMgr console –


The program can’t start because mfg120u.dll is missing from your computer.  Try reinstalling the program to fix this problem.

You are missing the VCRuntime 2013 x86.  The installer can be normally be found at \\primarysiteserver\sms_xxx\client\i386\vcredist_x86.exe or from Microsoft


Maintaining Your Office 2016 Installation Source

Deploying an updated Office installation has always been an annoyance of mine.  It is ideal to be able to deploy a fully updated Office installation so you don’t have to run a software update scan and then wait for all the office patches to download and install.  Having to install less software updates can reduce your deployment or build and capture times significantly.

Side Note –  To avoid all of this legacy overhead, use Office 365 Click to Run edition.   It is easier to deploy and manage the click to run editions of Office because there is built in functionality to keep your installation source up to date without having to identify, download and test each individual update.

Fred has joined Now Micro and is passionate about PowerShell and how it can make life so much easier.  The solution laid out below can reduce your deployment time and complexity around deploying and managing Office.

The Updates Folder

To install Microsoft Office software updates as part of the Office suite deployment you can download the applicable updates and place them in the updates folder of the Office source installation.  These are in the form of MSP files.  This is a well-documented process that hasn’t changed for a while.


The biggest challenge with this has always been locating all the available updates for your particular Office installation.  Sifting through the windows update catalog is a real chore and I am lazy, so I looked to enlist the help of ConfigMgr and PowerShell.

In the site settings for your software update point be sure that you have selected the Office 2016 product.  Do this and then synchronize your software updates point if you haven’t already.


Download all Office 2016 Software Updates, that are not expired, not superseded and for the appropriate architecture (32 or 64 bit) to a new Software Updates Deployment Package. Filter your search results to just include the architecture you are looking for.  (64-bit or 32-bit)


Select all updates (ctrl-a), right click and select Download.


Create a new Deployment Package when prompted. Take note of the Package Source folder. It will be referenced later.


This will download all the source files to wherever you specified when you created the Software Updates Deployment Package.  A unique directory (sometimes more than one) is created for each software update in the Deployment Package.


Remove the problematic updates –

Remove the following updates from your Deployment Package before proceeding.  These updates for reasons unknown will fail to install during the deployment and will cause the installation to return a failure error code.  These can be removed directly from the Deployment Package using the ConfigMgr console. (Right click each update and select delete)
















Each folder created during the software update download will have a .cab file that contains the Office update MSP you are interested in.  If you start extracting these archives you will quickly notice that all the software updates for Excel are named the same. This behavior is the same for all products in the suite.  (Word, OneNote, etc.).  PowerShell to the rescue!

This script will extract the MSP files from each cab archive, save them with a unique name, copy them to the updates folder of the Office installation and then clean up .  To use this script modify the parameters of the Get-Office2016MSPsFromCab function to match your environment or specify them explicitly when running the function.


The script in its entirety can be found here.

I hope you find this useful!   Contact me at @FredBainbridge with specific questions.

Enable Isolated User Mode in Windows 10

You need to enable Isolated User Mode in Windows 10 if you want to, among other things, utilize the virtual TPM chip in generation 2 virtual machines.  If you try to start a gen 2 virtual machine with the TPM chip enabled but without Isolated User Mode enabled you get this error message –

First, own and activate your TPM chip and then run the following PowerShell commands –

Did you reboot after doing this and expect it to work but it didn’t?  Check out the event log and then activate your TPM chip!


Git and the PowerShell prompt

There is lots of information out there on using Posh-Git.  This is nothing new, its just a little helper for me since I have been recently been shuffling through workstations at an alarming rate.  If it is useful for you as well, stellar!

  1. Install GIT

  1. From an elevated powershell prompt –


  1. Modify your profile for PowerShell and PowerShell_ISE

Reference for PowerShell profiles

Posh-Git will install in C:\Program Files\WindowsPowerShell\Modules\posh-git\\.  This will obviously change as newer versions are released.  Verify the path with this command –

In this directory you will find profile.example.ps1

 Comment out line 4 and uncomment line 8.  (Unless this doesn’t work for you, then make the modifications that would work for you)


  1. Make any additional modification you want to make to your profile and then copy the contents of profile.example.ps1 to:

C:\Users\[username]\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1 and



  1. Start a new PowerShell instance and then create a new GIT repository.  Check out your awesome prompt.


Nested PowerShell Modules

If you are curious about how to import a PowerShell module that has dependencies on other modules this can be done with the module manifest file (PSD1). You can do some pretty wild stuff with a PowerShell Module Manifest file. For starters here is a great outline how that file works with some decent examples.
Here is an example of how to have nested PowerShell modules. The nested module in this case being a C# compiled .dll. It is nothing fancy, just a custom class definition. More on PowerShell classes here.

First you use the NestedModules element of the psd1 file to reference the path of the nested module to be loaded. This requires a path relative to a location in the $env:PSModulePath. Aka, where you would normally look for modules. In this case the module would be expected to be found at [PSModulePath]\TCMABL\. This can be a comma separated list if you have multiple nested modules.

Then use the ModuleList element to list all modules packaged with this module. Note – your nested modules do not have to be packaged with your module. But if you want to ensure it is present it may be a good idea to package them together.

That is it. Now the nested module will be available as long your original module is loaded. But the nested module itself won’t be listed as loaded if you do a Get-Module. But rest assured, it’s there and ready for use.

For fun, let’s prove it –

First, clear all loaded modules –

Import just the nested module. (I am not using relative paths in this example, but you can)


Now I can instantiate my custom class if I so desire.
Side note – This class was used for some sabremetric baseball stats for an amateur baseball league I play in.  I’m so replacement level.

In order for the object type to no longer be available you have to restart the PowerShell instance. Close and open the ISE or whatever you are using for you PowerShell development. If you try to instantiate the custom object now, it won’t work unless you have the module package present in your $env:PSModulePath.

Now load your PowerShell module that has this .dll listed as a nested module and do a Get-Module. Notice only the PowerShell module I imported is now available.


Notice you don’t see the NestedModule listed but you can still instantiate the custom object!

Cool stuff.

MTG Sealed Booster – Pauper

My friends and I have been playing a homebrew version of limited for a while and let me tell you, it has been outstanding.  We have actually been playing it more than I expected and now we have about 25 boosters worth of cards a piece.  In order to spice things up a little bit we have recently started making pauper decks from our libraries as well.  Not surprisingly, its been a blast.

In general, here is how it goes down.  These are guidelines for your library of cards.

1. Determine your first deck randomly.
2. With your remaining ununsed colors create 1 or 2 pauper decks.
3. Stay up way too late playing matches.

Rinse and repeat for the next session.

Standard rollover is coming up soon!  April 8th to be exact.  It should be fun to lose approximately half our library of cards and start semi-fresh.

Game on.

Intune Conditional Access

Configure Conditional Access to Exchange Online based on Mobile Device Compliance – 
This only applies when managing devices with Intune integrated into ConfigMgr. Essentially, the lesson here is to do all your compliance management from the ConfigMgr console. Do not use the Intune administrative console ( other than to enable Exchange Online Conditional Access.

How to do it wrong –
Enable conditional access from the Intune management console (
Create a compliance policy in the Intune console.
Deploy it to some or all users.
Wait 10 minutes
Check compliance on mobile device. (should be compliant)
Enroll a new device.
You are probably unable to enroll any new devices at this point.
Remove the Compliance Policy from Intune console and your problems go away.

How to do it right – 
Enable conditional access from the Intune Management console (
In the ConfigMgr console create a Mobile Device Policy Baseline with a compliance item specifying a password policy for mobile devices (example)
Deploy it to your managed users.
Wait 10 minutes.
Check compliance on existing mobile devices
Enroll new devices.

This is how you configure compliance with Intune Integrated with ConfigMgr.  Use the ConfigMgr Console and stay out of the Intune admin console.

Azure Spending Limit Reached

I have pushed my cloud first ways too far and have just exhausted my azure credits and my subscription has been deactivated! I went to the Azure management portal (legacy) and updated my account and removed the spending limit. But my account is still not activated! Ahhh!!

ReadOnlyDisabledSubscription: The subscription [GUID] is disabled and therefore marked as read only. You cannot perform any write actions on this subscription until it is re-enabled.

Answer: It can take a bit of time. Get a cup of a coffee or tea, or do a quick yoga routine. Don’t panic. This generally takes 30 minutes to update for me.

MTG Random Deck Color Chooser


Deck Picker

This determines if you are using 1-3 colors in your deck and what the colors are.