I am in the process of deploying new systems with a fresh image to users. The image is 1909 and it places itself fine. The details for after Windows is installed is the issue. I typically run driver updates and then join the domain and reboot, and do whatever Windows updates there might be available. As the updates run, the domain policies should replicate along with whatever SCCM actions are available. I have run to an issue when I am trying "gpupdate /force" until I'm blue in the face.
I know the post image tasks will not go through when the system
1. Doesn’t throw out a conflict during “gpupdate /force” - It throws something as such about an MDM policy not working. When the policy updates without issue, I know it isn’t working.
2. The background doesn’t change to the company wallpaper/background.
3. LAPS (security app) may not load correctly and the default admin password still works.
4. The 21H1 update doesn’t show up. Checking updates stops at 20h2.
5. Software Center may or may not brand at this point and the actions may not be there.
6. We run an co-managed environment and with the previously listed symptoms, the systems in question might or might not show up on the MEM console and be co-managed and compliant.
At this point I can reboot and run gpupdate and it might work or it might not, and I can't make sense of the timing for when it does work.
Any direction would be greatly appreciated