Modify BCD to disable Win8 AutoRepair via a SCCM Application?

We've recently found that the Windows 8 automatic repair feature kills our systems that are encrypted via 3rd party tools. So we need to ensure that this is disabled on all systems.
We could use a login script to run "bcdedit/set{current}
however I'd prefer to do this via a SCCM Application if possible. As this would ensure it is set & give an easy visual check for staff via the Detection Rules & having it show as an 'installed application'.
Has anyone done this before & had any luck? I am thinking it should be possible via a custom script in the detection rules, but I've never done anything like that before.
Or am I just over complicating things & there is a much better way to handle this?


First, you wouldn't be able to run this as a login script unless your users have local admin permissions -- if they do, you can commence beating your head against the wall because you've got bigger issues anyway :-)
Next, why not just a [classic] package for this? Applications are primarily meant for, as their name implies, applications and not scripts. There's no reason you can't specifically use an application and there are some advantages to doing so, but figuring
out the detection can sometimes be more painful than its worth. Glad you got this figured out though.
Jason |