Suchbegriff: Sprache:

     Anzahl ausgewählter Meldungen: 50 (von max. 50)

03.05.2018 07:43:00 Quelle:

Windows 10 1803 - hiding gaming/phone

Has anyone figured out how to hide gaming and phone in Settings?

I've already tried hide:gaming-gamebar;gaming-gamedvr;gaming-broadcasting;gaming-gamemode;phone;phone-defaultapps,mobile-devices in Computer Configuration\Administrative Templates\Control Panel\Settings Page Visibility

Edit: all good. I used a comma instead of a semicolon. Thanks all!

submitted by /u/baldiesrt
[link] [comments]

    ext. Link anzeigen | ext. Link in deutsch (Testphase)

03.05.2018 07:41:00 Quelle:

Windows 10 1803: Die wichtigsten Neuerungen (für Unternehmen)

Geräte für Windows 10Zum 30. April 2018 gab Micro­soft die Version 1803 von Windows 10 offi­ziell frei. Die meisten Änderungen be­stehen in der Erwei­terung be­stehender Features. Für geschäft­liche Anwender und IT-Pros gibt es nur eine Hand­voll auffälliger Neuerungen. Das Upgrade rechtfertigt sich vor allem durch zahl­reiche Detail­verbes­serungen.

der Autor auf            ext. Link anzeigen

28.03.2018 14:06:00 Quelle:

Does Microsoft know they support Windows-To-Go ?

We bought a couple of Windows-To-Go certified USB sticks. The expensive Kingston Workspace kind. (Waste of money because you can also format a normal stick in order to use Windows-To-Go). We went with the certified sticks in order to have the most compatibility.

I've tried a couple of Windows versions but eventually went with Windows 10 LTSB. Installing the image on the stick is super easy with the included installer that is included since Windows 8. You can even automate the process using PowerShell.

The problem I'm having is that each large Windows update can't be installed on the stick. The update downloads, starts installing and then greets me with the message in the likes of "Update can't be installed on a removable device". I mean wth? This is something that is officially supported by Microsoft, I'm using a certified device and I'm using the original tools in order to install them.

submitted by /u/CoNsPirAcY_BE
[link] [comments]

    ext. Link anzeigen | ext. Link in deutsch (Testphase)

28.03.2018 14:06:00 Quelle:

Im in over my head, reading through this subreddit makes me feel like an idiot.

Hi everyone,

First a little background about me, I'm a college dropout and had difficulty finding a job at first, so I started working as a customer service agent for a phonecompany. I gradually moved my way up and was a Business Intelligence Officer until October. I started a new job because I needed a bigger challenge.

I started working for a small company (less than 30 people) as IT Officer, main reason I was hired is because of a new BI project where data became the prime focus of the company.

Because there are only 2 IT'ers (including me) we do a lot of user support but outsource most important stuff, server maintenance, firewalls and so on.

However I'm now in charge of ordering and setting up the new pc's and been reading up on imaging and how to quickly roll everything out.

Honestly, everything I read sounds alien to me and every time I try to test something I come up with issues.

  • Tried setting something up using Oracle VM Virtualbox, but I need an iso file of windows 10 which I don't have because everything is OEM licensed.

  • Tried MDT, but honestly I just don't get it (maybe I should watch youtube videos on how because written text just isn't clear)

  • Ghost is next on my list to test.

What I have managed to do is setup chocolatey locally to install programs easily, still need to do more research to see if it's possible to create my own package with essential programs in it, deploy it remotely and have it check for updates weekly.

Do you guys have any tips on first of all how to configure 20 pc's easily for someone with no IT background but an interest in IT?

And secondly do you have any tips and things I should read up on because they're essential for an allround IT'er? (I'm happy that most of it is outsourced but at the same time it prevents me from learning about new things. My coworker doesn't have an IT background either and doesn't really have an interest in hardware or using anything that requires more knowledge than an intermediate pc user.

I feel like cmd or powershell are good places to start along with Active Directory (I know how to create new users and add them to security groups, but I'm just going through the motions instead of learning how everything works)

TL;DR Dunno what the fuck I'm doing and fear of failure is kicking in, send help.

submitted by /u/Akinto6
[link] [comments]

    ext. Link anzeigen | ext. Link in deutsch (Testphase)

26.03.2018 10:53:00 Quelle:

Semi-Annual Channel (Targeted): Service-Branch für Windows 10 konfigurieren und auslesen

Update und Sicherheit in der App EinstellungenMit Windows 10 1703 hat Microsoft das Service-Modell von Current Branch (for Business) auf den Semi-annual Channel umge­stellt. Dadurch ändern sich die Bezeich­nungen und Optionen in den Ein­stellungen für GPOs. Möchte man wissen, welchem Update-Kanal ein Com­puter folgt, dann gibt es dafür ebenfalls neue Registry-Keys.

der Autor auf            ext. Link anzeigen

16.03.2018 10:29:00 Quelle:

PSA: trouble with GPO applying at startup or network drive maps at logon on Windows 10 ? Its "Fast Startup"

I've been troubleshooting a problem with GPOs not applying after a cold boot, after applying the Fall Creators Update. I've gone so far as to delay the logon screen with GPO startup script, followed by a script in Task Scheduler to see if the network adapter was enabled before it proceeded to do the rest because it seemed to be ignoring "wait for network connection before processing GPOs". But even that was ignored.

Apparently, Fast Startup, the feature that doesn't shut down your computer but instead hibernates after logging off, is now on by default for Windows 10 in the Fall Creators Update, but it's still called "shut down".

This causes various issues, in our instance where we have a mandatory profile auto-logged in, it would fail to load the profile because the network connection wasn't up before it finished loading the hibernation file. No insane hardware either, base spec NUCs and laptops with SSD. It also meant GPOs only applied after a reboot, not a shut down and power on. It also caused some problems with workstations to be apparent only after a Windows Update, because the road warriors don't reboot, they just close their laptop or "shut it down".

I've also seen this give problems with connecting network drives mappings reliably.


To disable through GPO:

Computer Configuration \ Policies \ Administrative Templates \ System \ Shutdown \ Require use of fast startup --> disable

Even though the wording says it doesn't force it off, setting it to "disable" does disable the feature. As of writing this works correctly for 1709 but maybe 1803 or later will not honor the setting, so keep this in mind.

submitted by /u/OrangeFluffyBunny
[link] [comments]

    ext. Link anzeigen | ext. Link in deutsch (Testphase)

16.03.2018 10:26:00 Quelle:

Microsoft veröffentlicht Preview 1803 für RSAT und Project Honolulu

Projekt HonoluluEinen Monat vor den erwar­teten Updates für Windows 10 und Server 1803 bringt Micro­soft aktu­elle Previews der dazu passen­den Management-Tools. Die RSAT beschrän­ken sich im Ver­gleich zum letzten offi­ziellen Release 1709 auf Bugfixes, während Project Hono­lulu unter anderem neue Funk­tionen für Storage Spaces Direct bringt.

der Autor auf            ext. Link anzeigen

16.03.2018 10:26:00 Quelle:

Schriften ohne administrative Rechte installieren

Schriftarten in Windows 10Die Instal­lation von Fonts gehört immer noch zu den Tätig­keiten, die admini­strativen Be­nutzern vorbe­halten bleiben. Wenn User häufig Schriften instal­lieren müssen, aber keine erhöh­ten Privi­legien er­halten sollen, dann helfen hier eigene Tools. Windows 10 ab Version 1803 erlaubt das Nach­laden von Fonts aus dem Store.

der Autor auf            ext. Link anzeigen

12.03.2018 16:33:00 Quelle:

Microsoft says majority of Windows 10 use will be streamlined S mode

Which is just-about an admission Win 10 is a mess

Microsoft has confirmed Windows 10 S will be a "mode" available in all versions of Windows, and added a prediction it'll be used by a "majority" of users.…

der Autor auf            ext. Link anzeigen | ext. Link in deutsch (Testphase)

12.03.2018 16:33:00 Quelle:

Windows 10 Long Term Service Branch - anyone with real world experience with it willing to share?

We are currently using Current Branch (or as it's now affectionately known as The Semi-Annual Release Channel). I'm exploring the option of changing future strategy to the LTSB, but I'm hoping to find some folks that have gone down this path and can share their experience with it. I'll do the demos and trials that go with this sort of thing, but if there's any gotchas that I wouldn't see for months down the road, I'm hoping to get an early warning before I have the basket half full of eggs. Any help would be appreciated. I am doing my own share of research, but I'm not discovering very much voice of the user in the mix. Thanks folks!

submitted by /u/juandurr
[link] [comments]

    ext. Link anzeigen | ext. Link in deutsch (Testphase)

23.02.2018 11:29:00 Quelle:

Windows 10 - Inaccessible Boot Device

Windows 10 - Inaccessible Boot Device submitted by /u/cjlee89
[link] [comments]

    ext. Link anzeigen | ext. Link in deutsch (Testphase)

23.02.2018 11:29:00 Quelle:

Windows 10 Pro Or Window Server 2016 for Virtual Computers?

Basically I want to use one computer and set up 4 virtual pc's on it so that they can be accessed from outside our office! These virtual pc will only be used to write documentations. Now my question is would I need to buy the windows 2016 license or can i just buy the windows 10 pro? Also, because I already have you on the line! would I need to buy a separate Windows 10(home) license for each host?

Thank you in advance!

submitted by /u/Grymrch
[link] [comments]

    ext. Link anzeigen | ext. Link in deutsch (Testphase)

15.12.2017 16:31:00 Quelle:

HTML5 videos not working in IE11/Win10 - Fresh Image

Hey guys, having an odd issue happen. On our freshly imaged Windows 10 machines, HTML5 video does not seem to be working in IE.

The 'fix' that works is to do a reset all settings on the advanced tab of Internet Options. It is user profile specific, and blowing away the user profile of course brings the issue back.

Initially figured we had a GPO causing the issue, but doing multiple gpupdate or gpupdate /force and reboots does not bring the issue back after a IE setting reset.

YouTube does not work in IE, and also HTML5 videos posted on our internal sites. Any ideas what on earth is causing this? I need to find a mass deployable fix!

submitted by /u/Fendulon
[link] [comments]

    ext. Link anzeigen | ext. Link in deutsch (Testphase)

15.12.2017 16:31:00 Quelle:

Windows 10 Free Upgrade ending? How does everyone else upgrade?

So after reading an article on

it is said ending 2017 the free windows 10 upgrade will not be available anymore.

For the past year or two I have been doing many, many windows 10 installations and I simply input the windows 7 key ( this activates windows 10 ) and if the computer was running on windows 8 and has UEFI it automatically activates windows 10.

Does this mean I will no longer be able to upgrade these machines to windows 10 how I had previously been doing so?

submitted by /u/Elcoco69
[link] [comments]

    ext. Link anzeigen | ext. Link in deutsch (Testphase)

15.12.2017 16:31:00 Quelle:

Probably a Stupid Question Regarding Microsoft Accounts and Domain Users

I'm looking through the Security Options part of Group Policy and I see the entry named "Accounts: Block Microsoft Accounts" and after reading the documentation, it seems that it choosing any option that isn't disabled, prevents users from adding a Microsoft Account to the user account.

And I was wondering if there is a way to block someone from logging in with a Microsoft Account but still allow them to add one to the Settings app for Windows 10, say for the purpose of syncing their settings for example.

So far, I'm thinking so long as I adjust the Allow Log on Locally policy to only allow user accounts that are a member of the Domain Users group instead of the regular Users group, it should allow it but I'm not entirely sure.

Anyone got any thoughts if this is possible?

submitted by /u/WinOSXBuntu
[link] [comments]

    ext. Link anzeigen | ext. Link in deutsch (Testphase)

15.12.2017 16:31:00 Quelle:

How to access localhost on Ubuntu Linux Sub-system for Windows?

How to access localhost on Ubuntu for Windows?

I'm on Windows 10 Pro 64-bit, version 1709, OS Build 16299.125

I've installed the Ubuntu 16.04.3 LTS Linux Sub-system locally for Web Development purposes.

I've placed an info.php file into \var\www\html but when I attempt to access it at via my Browser in Windows, I receive the error:

"This page isn’t working is currently unable to handle this request. HTTP ERROR 500"

info.php has the following code in it:

<?php // Show all information, defaults to INFO_ALL phpinfo(); ?> 

If I access via my browser in Windows, I receive the Apache2 Ubuntu Default Page.

And that's it. Just trying to get this working. I've installed LAMP, Composer, CLI and that's it on this server thus far.

Edit Found an error log in \var\www\html called "C#003A#005Cxampp-new#005Cphp#005Clogs#005Cphp_error_log". Opened it and it says:

[15-Dec-2017 10:18:41 America/New_York] PHP Warning: Unknown: failed to open stream: Permission denied in Unknown on line 0

[15-Dec-2017 10:18:41 America/New_York] PHP Fatal error: Unknown: Failed opening required '/var/www/html/info.php' (include_path='.:/usr/share/php') in Unknown on line 0

Not sure what that means. Any ideas?

Thank you.

submitted by /u/kayderptimeplz
[link] [comments]

    ext. Link anzeigen | ext. Link in deutsch (Testphase)

15.12.2017 10:32:00 Quelle:

Skype For Business keeps prompting for a different users credentials every time it is launched.

Every time we launch Skype for Business (or Outlook) a prompt box comes up for one of our users - the dialog box will come up periodcally throughout the day after that. sometimes even when a user is logged in to Skype for Business. Sometimes we will ahve to force -quit and relaunch as other users will not be able to successfully log in.

Details: -PC is running windows 10 -Running Office 365 (no one premise server) -Shared PC, logging in under a 'house' credential used for the meeting room. -In Credential Manager i see 4 generic entries AFTER the prompr appears. if i quite SKype for Business, delete them and then reopen Skype For Business, those 4 entries regenerate. -no SIP profile for the user in question (%UserProfile%\AppData\Local\Microsoft\Office\16.0\Lync) - there are other user sips, and then the \Tracing folder, but none for the user in question. -No Outlook ost file for that user (C:\Users\tdedman\AppData\Local\Microsoft\Outlook) -i've run a repair on Office, no change. -I've uninstalled Office, rebooted, re-installed office. But the Prompt for that user is still coming up when we launch Skype for Business.

Any ideas?

submitted by /u/fortmaxwell
[link] [comments]

    ext. Link anzeigen | ext. Link in deutsch (Testphase)

14.12.2017 16:17:00 Quelle:

Cant install Ubuntu shell on windows 10

Hello , i understand this isn't exactly related to sysadmin stuff but i assume atleast some of you did this and might have advice .

I enabled developer mode in windows , it gives a message that says "Developer mode is turned on.However remote deployment ad windows device portal couldn't be found in windows update , so they're not available . error code 0x800f954

is this normal or should affect this issue ? because a co worker of mine says he had the same issue but it works for him now, tho he said it wasn't smooth to get it working .

i Enabled the “Windows Subsystem for Linux (Beta)”

but when i go to the windows store the Get button is greyed out and i can't click it , any advice ?

submitted by /u/Emmanuell89
[link] [comments]

    ext. Link anzeigen | ext. Link in deutsch (Testphase)

14.12.2017 10:16:00 Quelle:

Anyone have RSAT installer for Windows 10 1607?

I am currently on Windows 10 ltsb version 1607. I need the remote server Administration tools for that version, however Microsoft does not provide them for download.

I know, I could just install the current release and be able to download and use the current remote server Administration tools. But I am currently testing ltsb for release to our users. During that time, I would like to also have the tools installed.

I would like everyone's opinion as well, if I am going to be using remote server Administration tools in the future, would it be best for my machine to be on a current release? Rather than on the ltsb release? It seems like this is going to be the best solution going forward.

submitted by /u/djdubd
[link] [comments]

    ext. Link anzeigen | ext. Link in deutsch (Testphase)

14.12.2017 10:16:00 Quelle:

Disable autostart apps in Windows 10 1709

Looking for option to set "Use my sign-in info to automatically finish setting my device after an update or restart" for domain users. I want disable starting not closed aplications. In windows 10 1709 Fall Creature Update.

submitted by /u/wlfht
[link] [comments]

    ext. Link anzeigen | ext. Link in deutsch (Testphase)

14.12.2017 10:16:00 Quelle:

Windows 10 | Printer GPO


In our company we are currently using Windows 8.1 and Windows 10 client computers. There seems to be a problem on the Windows 10 machines as our printer states that it is "Offline", this is usually only on one to two computers at the same time. That is often fine, as everyone is not printing here.

The problem is that in the recent days I've had to manually do two things in order for the printer to seem online on the client computer.

  1. gpupdate /force

  2. Restart the "Print Spooler" service

After doing those steps it works again, but I have a feeling that this is due to our GPO being broken in Windows 10. Does anyone have any suggestions as to what may be the problem?


submitted by /u/OnlyDrey
[link] [comments]

    ext. Link anzeigen | ext. Link in deutsch (Testphase)

13.12.2017 22:17:00 Quelle:

Windows 2016 Server constantly trying to talk out to Microsoft

Good morning all. I work in a mostly Windows Server 2008 R2 shop and it's probably a little overdue but we have started transitioning to 2016 on tertiary and new servers and probably need to start replacing our core stuff like domain controllers and file servers in the near future. After I built a couple of utility machines the other day I got an alert that our syslog rate had spiked and upon checking it out I find that these servers are trying to talk back out to Microsoft pretty much constantly. For example, from our ASA logs:

2017-12-12 00:00:18 Local4.Warning %ASA-4-106023: Deny tcp src inside:<redacted>/3908 dst outside: by access-group "acl-out" [0x0, 0x0]

2017-12-12 00:00:18 Local4.Warning %ASA-4-106023: Deny tcp src inside:<redacted>/3908 dst outside: by access-group "acl-out" [0x0, 0x0]

2017-12-12 00:00:18 Local4.Warning %ASA-4-106023: Deny tcp src inside:<redacted>/3909 dst outside: by access-group "acl-out" [0x0, 0x0]

2017-12-12 00:00:19 Local4.Warning %ASA-4-106023: Deny tcp src inside:<redacted>/3909 dst outside: by access-group "acl-out" [0x0, 0x0]

2017-12-12 00:00:19 Local4.Warning %ASA-4-106023: Deny tcp src inside:<redacted>/3909 dst outside: by access-group "acl-out" [0x0, 0x0]

2017-12-12 00:00:19 Local4.Warning %ASA-4-106023: Deny tcp src inside:<redacted>/3910 dst outside: by access-group "acl-out" [0x0, 0x0]

2017-12-12 23:51:23 Local4.Warning %ASA-4-106023: Deny tcp src inside:<redacted>/3449 dst outside: by access-group "acl-out" [0x0, 0x0]

2017-12-12 23:51:23 Local4.Warning %ASA-4-106023: Deny tcp src inside:<redacted>/3449 dst outside: by access-group "acl-out" [0x0, 0x0]

2017-12-12 23:51:23 Local4.Warning %ASA-4-106023: Deny tcp src inside:<redacted>/3450 dst outside: by access-group "acl-out" [0x0, 0x0]

2017-12-12 23:51:24 Local4.Warning %ASA-4-106023: Deny tcp src inside:<redacted>/3450 dst outside: by access-group "acl-out" [0x0, 0x0]

What's more, these utility machines are intentionally not joined to our Windows domain and I see about 16,000 of these over the last 24 hours whereas another 2016 VM I built a few days ago is only trying to go out about 1,600 times per 24 hours and the only real difference is it is joined to our domain. I looked at our list of base GPO's that would be applied to it and I dont see anything that I believe would have an effect on this. Also, these machines have been directed to our WSUS servers via registry entries so I don't believe these are related to updates.

So next I did some googling and there are of course a lot of conversations out there about Microsoft tracking telemetry data on Windows 10, but it seemed like there were a surprisingly small number of people talking about this on Server 2016. Has anyone else run into this/looked at this/been concerned about this? What do you do about it, if anything? Do you just let your servers talk out? Now what we might do is just create a separate rule in the ASA that blocks outbound on these 2016 machines and simply does not log it but that is less than ideal.

Also, I am open to any suggestions of subreddits to cross-post to. r/WindowsServer/ does not seem particularly active.

Thanks for any responses.

submitted by /u/inavlid_username
[link] [comments]

    ext. Link anzeigen | ext. Link in deutsch (Testphase)

13.12.2017 16:17:00 Quelle:

Sysprep windows 10 doesnt load answer file

Hye guys,

I'm quite new to these things so, be gentle, I created an answer file for a windows 10 installation which worked marvellously, added an admin account, auto-log-on with that account, ran some commands (except the one i really wanted "winrm QuickConfig -Force" but this is not about that). So I then customized the vm, ran "sysprep /generalize /oobe /shutdown" and expected that when i boot the vm with an iso with a new autounattend.xml inside it would run that. But it doesn't :/ Here's it : Any ideas?


submitted by /u/Deeds
[link] [comments]

    ext. Link anzeigen | ext. Link in deutsch (Testphase)

13.12.2017 16:17:00 Quelle:

Lab Laptops - How to prevent Windows auto restarting or notifying via GPO

Does anyone have a guide for a good generic GPO that will prevent windows updates notifying or restarting a group of Windows 10 Laptops which are used in a computer Lab. I don't want the students to be notified or experience anything to do with Windows UPdate.

I have under the Admin Templates

Do Not display Install Updates ... in shut down Box - ENABLED Turn Off Auto Restart During Active Hours - ENABLED (7am - 7pm) Turn Off Auto restart Notifications - ENABLED Configure Auto Updates - ENABLED (4 - Auto Download and Schedule Install) Every Saturday @ 9pm NO Auto-Restart With Logged on user for scheduled AU Install - ENABLED

Will this be enough and what would the behavior be if the machines did NOT update on the Saturday?

I intend to get a WSUS running ASAP as I believe this would allow me to control the delivery better; would that be correct?

submitted by /u/KayJustKay
[link] [comments]

    ext. Link anzeigen | ext. Link in deutsch (Testphase)

13.12.2017 10:17:00 Quelle:

Controlled folder access - New Win10 Feature?

Hey All,

Has anyone had a chance to look at this new controlled folder access feature for Windows 10? supposedly it allows admins to only allow certain programs to modify files in folders that we select.

I am trying to play about with the feature but none of our fully upto date Windows 10 PC's in the office have it.... does anyone have it yet? :)


submitted by /u/WarioTBH
[link] [comments]

    ext. Link anzeigen | ext. Link in deutsch (Testphase)

13.12.2017 04:16:00 Quelle:

Using Windows 10 LTSB in an environment

Hey guys quick question. Do any of you use Windows 10 LTSB as your main image for workstations in your environment? Is it even supposed to be used for it? I’ve been looking into it, it seems perfect for an enterprise environment.

submitted by /u/datkhushiboi
[link] [comments]

    ext. Link anzeigen | ext. Link in deutsch (Testphase)

12.12.2017 22:16:00 Quelle:

TIL - Windows 10 has native OpenSSH client and Server.

Features can be added via "Manage Optional Features"

submitted by /u/galiji
[link] [comments]

    ext. Link anzeigen | ext. Link in deutsch (Testphase)

12.12.2017 10:17:00 Quelle:

Syspreped Image Windows 1709

Hi Reddit.

I have made a master image of windows 10 1709 and sysprepped it. The Problem is now i can deply ot to the virtual machine but not an actual PC. it gives me 0xc000000f even deployed with full driver packs from HP. The image is prepared in audit mode, does this have any consequence?

submitted by /u/ythgim
[link] [comments]

    ext. Link anzeigen | ext. Link in deutsch (Testphase)

12.12.2017 04:13:00 Quelle:

Disable Start Button right click context menu in Windows 10

Hello, is there a way to disable the right click context menu on the windows 10 start button using group policy?

submitted by /u/jressler24
[link] [comments]

    ext. Link anzeigen | ext. Link in deutsch (Testphase)

11.12.2017 22:16:00 Quelle:

(Microsoft) Security Updates from the Win10 Fall Creators Update

Good afternoon again! I feel like I was here last week...

/u/gebray1s posting again today with information and a post from Paul Bergson around Windows 10 and the security features that came with the Fall Creators Update (v1709).

For those of you on the LTSC train, we'll chug on right by you.

This post is not about the pros/cons about the current servicing model of Windows 10, but to provide information as to what is included in the Fall Creator's Update (also, not to complain about the name :) )

For those that want to know (in a single post) some of the new features that you'll be testing and deploying at some point, please read on and visit our article link.

Security Updates from the Win10 Fall Creators Update

Hello, Paul Bergson, back with some great new information regarding the recent release of Fall Creators Update (FCU) for Windows 10, Microsoft released some great new security features that can protect you from unwanted Malware.

I have heard from customers on multiple occasions that their customers are doing just fine with their desktop operating system, one told me “their operating system is getting a bit old, but it still works so why should I upgrade?” That is a great question and it reminds me of a poster that was hung at a railroad switchyard I worked at while going through college. The poster had a general getting his men ready for battle, they were all outfitted with medieval armor as well as swords and bow & arrows. A young scientist was trying to get the generals attention on newly developed battlefield equipment, a machine gun. The general was dismissing him, telling him he was too busy to be bothered and to leave him alone. I sometimes worry this is occurring and, so I try evangelizing the latest tools Microsoft provides to help protect our customers. Just try and keep the following in mind, you can’t expect to beat security threats of the present with tools from the past.

The FCU security updates I would like to discuss are:

  • Exploit Guard
  • Exploit Protection

  • Attack Surface Reduction

  • Controlled Folder Access

  • Network Protection

  • Application Guard

Exploit Protection

If you are a current Enhanced Mitigation Experience Toolkit (EMET) user, you will be happy to know that features that are available within EMET have been migrated to Windows Defender Exploit Guard (WDEG) Exploit Protection (EP). EMET is a great tool but it is being sunset and what is great about WDEG, the fixes are built into the operating system whereas EMET’s were shimmed in. These newly built-in, mitigations are even more comprehensive than EMET.

“As such, with the Windows 10 Fall Creators Update, you can now audit, configure, and manage Windows system and application exploit mitigations right from the Windows Defender Security Center (WDSC). You do not need to deploy or install Windows Defender Antivirus or any other additional software to take advantage of these settings, and WDEG will be available on every Windows 10 PC running the Fall Creators Update.” *1

If you are a current EMET user we don’t expect you to have to go back and recreate all the configuration settings for WDEG EP, we have provided our users with several PowerShell commands to convert your EMET XML settings to WDEG EP mitigation settings. *2

Not only does WDEG EP protect your enterprise from memory attacks it provides a new “Audit” feature (Similar to AppLocker’s audit feature) that allows the administrator to audit the new controls to ensure that as you roll WDEG EP there are no Application compatibility issues.

“You can enable each of the features of Windows Defender Exploit Guard in audit mode. This lets you see a record of what would have happened if you had enabled the feature.

You might want to do this when testing how the feature will work in your organization, to ensure it doesn’t affect your line-of-business apps, and to get an idea of how many suspicious file modification attempts generally occur over a certain period.

While the features will not block or prevent apps, scripts, or files from being modified, the Windows Event Log will record events as if the features were fully enabled. This means you can enable audit mode and then review the event log to see what impact the feature would have had were it enabled.” *3

System mitigation settings are:

  • Control Flow Guard (CFG) [on by default]
  • Ensures control flow integrity for indirect calls
  • Data Execution Prevention (DEP) [on by default]
  • Prevents code from being run from data-only memory pages
  • Force randomization for images (Mandatory ASLR) [off by default]
  • Force relocation of images not compiled with /DYNAMICBASE
  • Randomize memory allocations (Bottom-up ASLR) [on by default]
  • Randomize locations for virtual memory allocations
  • Validate exception chains (SEHOP) [on by default]
  • Ensures the integrity of an exception chain during dispatch
  • Validate heap integrity [on by default]
  • Terminates a process when heap corruption is detected

Per Application mitigation settings are:

  • Arbitrary Code Guard (ACG)
  • Prevents non-image backed executable code and code page modification
  • Block low integrity images
  • Prevents loading of images marked with low-integrity
  • Block remote images
  • Prevents loading of images from remote devices
  • Block untrusted fonts
  • Prevents loading any GDI-based fonts not installed in the system Fonts directory
  • Code integrity guard
  • Only allow the loading of images to those signed by Microsoft
  • Control flow guard (CFG)
  • Ensures control flow integrity for indirect calls
  • Data execution prevention (DEP)
  • Prevents code from being run from data-only memory pages
  • Disable extension points
  • Disables various extensibility mechanisms that allow DLL injection into all processes such as Windows hooks
  • Disable Win32k system calls
  • Stops programs from using the Win32k system call table
  • Do not allow child processes
  • Prevents programs from creating child processes
  • Export address filtering (EAF)
  • Detects dangerous exported functions being resolved by malicious code
  • Force randomization for images (Mandatory ASLR)
  • Force relocation of images not compiled with /DYNAMICBASE
  • Import address filtering (IAF)
  • Detects dangerous imported functions being resolved by malicious code
  • Randomize memory allocations (Bottom-up ASLR)
  • Randomize locations for virtual memory allocations
  • Simulate execution (SimExec)
  • Ensures that calls to sensitive functions return to legitimate callers
  • Validate API invocation (CallerCheck)
  • Ensures that sensitive API’s are invoked by legitimate callers
  • Validate exception chains (SEHOP)
  • Ensure the integrity of an exception chain during dispatch
  • Validate handle usage
  • Raises an exception on any valid handle references
  • Validate heap integrity
  • Terminates a process when heap corruption is detected
  • Validate image dependence integrity
  • Enforces code signing for Windows image dependency loading
  • Validate stack integrity
  • Ensures that the stack has not been redirected for sensitive functions

WDEG EP is manageable with Windows Defender Security Center, Group Policy or PowerShell with all events recorded in the Event Logs for analysis. Thereby allowing a measured rollout of rules.

Attack Surface Reduction

“Attack surface reduction is a feature that is part of Windows Defender Exploit Guard. It helps prevent actions and apps that are typically used by exploit-seeking malware to infect machines.” *7

These settings are easily manageable from PowerShell, Group Policy, Mobile Device Manager (MDM), Intune or System Center Configuration Manager (SCCM) interfaces. This is all integrated with both the Advanced Threat Protection (ATP) console and Windows Defender Security Center online. Any events generated from either “Audit” or “Block” mode flow into the console for a single pane of glass monitoring, as events occur actions can be taken from the console to apply against the clients.

There are 7 Attack Surface Reduction (ASR) rules that are available for management:

And.... because it is pretty awful to create sub bullets, please continue the article here!

Thanks all!

submitted by /u/pfeplatforms_msft
[link] [comments]

    ext. Link anzeigen | ext. Link in deutsch (Testphase)

11.12.2017 22:16:00 Quelle:

Scheduled Tasks Via GPO on Windows 10

So I'm losing my mind over here. The company I'm with wants to reboot the machines weekly to for patch application. We want to use Group Policy, but for the life of me I can't get the scheduled task to get created. I'm not seeing any group policy errors in the event log. Does anyone have an advice on what I can do or where to look to make some headway here?


submitted by /u/NotSoWordy
[link] [comments]

    ext. Link anzeigen | ext. Link in deutsch (Testphase)

11.12.2017 16:16:00 Quelle:

Anyone familiar with answer files?

Hi all,

I'm trying to create an answer file to make installing Windows 10 skip the initial steps and go straight to the login screen.

I've managed to get mostly everything working apart from three menus that still appear which are:

  1. Let's start with region. Is this right?
  2. Is this the right keyboard layout?
  3. Want to add a second keyboard layout?

I'm honestly not sure what settings I need to specify in the .xml to make these hidden, any ideas?

thank you

submitted by /u/smittyjaja
[link] [comments]

    ext. Link anzeigen | ext. Link in deutsch (Testphase)

11.12.2017 10:16:00 Quelle:

Sysdad: Admin at home

If there's a better subreddit for this, please let me know.

Hey parents. It's finally happened. My little girl has reached the age where she has friends that know how to get her admin rights on her homework computer. It's a windows 10 home edition, and I'm really not interested in shelling out extra for higher versions of W10 to get proper admin abilities built in.

That said, can anybody recommend something to help me on this? I've added a password and re-deactivated the default admin account, changed my own admin password, and will be locking down the boot cycle from the bios/uefi. Are there any tools to alert me when she "accidentally" becomes an admin again? Maybe even snap a shot when the account status is similarly modified?


submitted by /u/Quietech
[link] [comments]

    ext. Link anzeigen | ext. Link in deutsch (Testphase)

11.12.2017 10:16:00 Quelle:

Remote Credential Guard and RD Gateway

Can anyone confirm what the state with RD Gateways is with Windows 10 v1607+?

I know the W10 update introduced the RCG with no support for RD Gateways, but the Microsoft page on RCG seems to have removed any record of it not working with RD Gateway, leaving just the one comment asking about it.

Does this mean that I could deploy a 2016 RD Gateway and I wouldn't have to either disable RCG or add a registry key?

Are there other ways apart from disabling it outright or a registry key ? The majority of devices that connect to our gateway aren't managed by us, nor are the users (there is some scope for RemoteApp as well)

submitted by /u/sparkblaze
[link] [comments]

    ext. Link anzeigen | ext. Link in deutsch (Testphase)

09.12.2017 16:11:00 Quelle:

Why I recommend staying away from AVG Business Internet Security Business Edition

I thought I'd do a little write up to spare any potential customers of AVG's horrendous products some nightmares and headaches if you plan to use it in a business setting.

We are using AVG Internet Security Business Edition in an organization with a little over 100 users. I work as a systems administrator in this organization and I think getting an actual virus would be easier to recover from than the amount of struggles and problems we've had with AVG. I'm going to start off positively and list the only three good things about this product:

  • Support reps speak English and answer the phone quickly without being put on an infinite hold
  • Detection rates are pretty spot on
  • Remote management interface is easy to navigate

Truly, I'd expect those three things to be offered to any paying customer. Here's a list of problems I've had since day one:

  • Many installs fail, resulting in my having to spend up to an hour running the removal tool and trying to reinstall just to get it to work.
  • The network install through the management is flaky, for some machines it worked, others it did not.
  • AVG is configured out of the box to pop up and bother the user constantly. This creates unnecessary tickets for the help desk and causes a lot of frustration for end users. Whenever a virus is detected, AVG will pop up and stop the user from getting any work done to ask them if it should remove the virus or not. Well, of course it should. Why would you ask a USER if it should delete the virus? Trusting end users with security is a bad idea to start with. Not to mention, users are busy enough. They shouldn't be tasked with the responsibility of deciding whether or not to let an AV software do its job or not. This also creates a ticket, thus stopping the user until IT comes on site to look at the problem since a remote support session can't be initiated thanks to AVG not allowing the user to do anything.
  • The AVG interface will just randomly pop up at times for no reason at all. I guess it just wants to say "HEY, I'M HERE!". Since AVG is so forgettable, I guess it feels a need to show its presence once and a while. Again, causes irritation amongst users and creates another support ticket. Thanks AVG.
  • False positives - through group policy, we have a series of shortcuts that are added to users' desktops (Office 2016) that are run through cmd.exe. Guess what. AVG decides to block cmd.exe from running, once again creating a million support tickets from people saying they can't open some programs.
  • Despite configuring AVG to not constantly pop up and annoy users in the remote management console, there's no full way around it. You can configure it all day long, AVG will still pop up for some things.
  • After a major Windows 10 Feature Update is installed, AVG will block any inbound and outbound access. This is stupid, and results in lost productivity and more support tickets since users can't authenticate with the domain, thanks to AVG's harebrained approach and blocking every fucking port after these updates. Luckily, restarting the machines twice fixes the issue, but not every user knows that. This results in every user calling the help desk and fighting with our staff by insisting that they've already restarted twice.
  • It's expensive. $50 per machine and they don't offer non-profit pricing. What a joke. Your organization would gain more money by not having it installed. I guess that makes AVG a scam.

I'm sure there's more, but those are the things that come to mind right now. Ultimately, I think we've actually lost money and productivity by having AVG installed on our systems. Kind of defeats the purpose, you'd think. But I'm sure the team of fools at AVG headquarters think that constantly popping up and disturbing users, failed installs, blocking all network traffic, blocking safe programs, etc. is all fine and dandy and that anyone who says otherwise is simply incompetent. This is why you should stay away from any of AVG's offerings. I am happy to report that by the beginning of next year, our AVG license will expire and I have convinced my superiors not to renew it. We're looking at other options, namely BitDefender, Sophos, Trend and a few others.

Note to AVG if you're reading this: I hope this serves to prioritize making an effort to improve your products and to allow other organizations to save on profit and productivity without devoting so much time repairing the broken mess that AVG Internet Security Business Edition.

submitted by /u/UncleverUsername89
[link] [comments]

    ext. Link anzeigen | ext. Link in deutsch (Testphase)

09.12.2017 04:15:00 Quelle:

Windows 10 OOBE setup wizard silently truncates passwords

This is incompetence beyond belief, even for Microsoft.

In addition to it's cringetastic autoplay Cortana dialog that sounds like my mom reading jokes written by committee, the OOBE wizard contains a design error I usually only experience on junk-tier Chinese embedded web UIs.

Like many sensible people I use xkcd 936 style random passwords, which make documentation and setup a breeze. This year was my first time deploying new Win10 notebooks straight from Dell, so I had to do the out-of-box setup myself. As you likely know this involves creating a local user account prior to joining to domain.

I made it through first boot just fine every time, going about normal setup tasks, but would get stumped after the first reboot. I couldn't login to the local account with the newly documented password. I had no choice but to factory restore and repeat setup, only to have this happen again.

The first time this happened, I figured I must have just used a really easy to screw up password, so I generated a new one which happened to work. But the second and third time it occurred, several weeks apart and with different models, I started to think I was going slowly insane.

It was only on the most recent notebook, having just factory reset again, that I noticed what was going on while I was typing the password into the wizard painfully slowly. The wizard was throwing away the last several characters of the new password! Without warning! With no instructions telling you to avoid this! Then, the first time you boot to the real logon screen, your input is unmolested, and therefore doesn't match.

For reference, the actual Windows password length limit is 127 characters. The wizard cuts you off after 24-ish, probably because it was written by a time traveler from 1986 who thought "that should be enough for anybody" and was not provided any technical requirements telling him otherwise. I suspect this same interloper may have been employed by every airline and bank in America.

The only indication this is happening, which I didn't notice many times, is if you look carefully at the password box as you type, when it hits the limit, it stops adding new dots to the textbox. There is a "reveal password" toggle, but it isn't active while typing, and who needs that anyway.

Through experimentation, I found all three of my current Windows passwords - which I use to sign in at work every day - are silently rejected by the official setup utility, a miserable and unpolished application likely built by a different team lacking the information and experience necessary for such a vital interface. This breaks fundamental UI design principles and forces less secure passwords, for no deliberate purpose. This is a design failure I first discovered on my junkbox Supermicro IPMI interface, and would never expect from a product sold by MS or Dell.

What a horrible new user experience! I wonder how many non-technical people must have reached this dead-end with their brand-new computer. It's a showstopping bug that requires wiping your whole computer or taking it in for repair if you aren't informed of this specific failure type.

This is an embarrassment, Microsoft. Sadly, this is only one of many needlessly redesigned Windows 10 interfaces, executed amatuerishly, that add more limitations and introduce new bugs for no apparent reason. What a shame.

submitted by /u/anechoicmedia
[link] [comments]

    ext. Link anzeigen | ext. Link in deutsch (Testphase)

08.12.2017 22:14:00 Quelle:

The Windows 10 desaster

Hey guys, Today I tried to set up a VM with Windows 10 for Cubase (Audio Mixing and Mastering). I quit Windows completely shortly after the release of the 10 Insider Preview. Before I was just using Windows 10 for Games and special software. The Installation was like Windows 7 with other graphics. But todays Installation was different this time. Out of the nothing Cortana screamed into my ear and told me how awesome Windows is! Why would any user likes an Installation with a voice assistant screaming in your ear. I was listening to music while she started. And there's No way to skip her monologs. Cortana is the most useless feature in Windows 10, not mentioning that it took up to 2Gbits of RAM sometimes, while it was disabled. Then I got the nice ads in the startmenu and in the program overview. Also I found no way to permanently disable auto Updates, prevent reboots or disable cortana. The Task is allways active and cannot bei stopped. It always starts again. WHY??? What is that? Windows 10 is unusable with 4Gbits of RAM and 4 CPU Cores. The User Experience is aweful. What is it that everybody don't care about that? Why are there so many people using Windows 10 and enjoying it? I'm really frustrated now. Wasted the hole afternoon for a broken and not working environment, that other people find good for work? After one hour of Update Installation of course. In my opinion that is a situation no user could possibly accept. What's your opinion about the newest "Features" from Windows 10.

submitted by /u/itsescde
[link] [comments]

    ext. Link anzeigen | ext. Link in deutsch (Testphase)

08.12.2017 22:14:00 Quelle:

Looking for advice on an Imaging Setup

Good Morning /r/sysadmin, I apologize in advance for any ignorance or stupid questions on my part.

I've been tasked with setting up/creating/etc a new Imaging Server, as we've now reached the point in the company where just using a Thumb-drive with some configuration scripts will no longer suffice. I've never done that before, and there's no one here to ask for help.

Installing and setting up Windows Server is no issue. I'd like to use Windows Server 2016 (but may have to use 2012 R2). I'd need to image approx 30+ units at a time. There will be several images based on hardware type and where it's going. Among those Images are Windows 10 and Windows 7.

What trips me up is the following

  1. For Imaging Purposes, do I use MDT, SCCM or Symantec Ghost?
  2. I may have to use Symantec Ghost, but does it work on Windows Server 2016? (Can't seem to get an answer from them despite calls/emails)
  3. Server wise, what hardware is recommended? From what research I've done, I'd like to make use of Hyper-V as I don't want to have several physical servers setup. It seems regardless of my choice SQL server is required. (Won't need to administrate the units once they're imaged) Would also like to keep the images up to date in regards to Windows Updates as some of these units take forever to update normally.
  4. I'll have a KVM IP switch, and a good networking switch, but is there anything I'm overlooking?

I appreciate any time you could spare to help direct/educate me on this.

submitted by /u/RPRob1
[link] [comments]

    ext. Link anzeigen | ext. Link in deutsch (Testphase)

08.12.2017 16:12:00 Quelle:

Windows 10 1709 Hyper-V: Standard-Switch für NAT und DHCP-Server

Virtual Switch (vSwitch)Zu den Neuerungen von Hyper-V in Windows 10 Fall Creators Update gehört, dass der Hyper­visor auto­matisch mit einem Standard-Switch ausge­stattet wird. Dieser lässt sich nicht konfi­gurieren oder ent­fernen, aber er verein­facht das Ein­richten von NAT-Netz­werken und umfasst einen DHCP-Dienst.

der Autor auf            ext. Link anzeigen

08.12.2017 04:14:00 Quelle:

Windows 10 1709 (Fall CU) automatically installing bloatware in Audit Mode

Hi fellow sysadmins,

So my reference machine for MDT is running W10 1709, and I have left it in Audit Mode to prevent it from automatically installing these idiotic packages that can't be properly generalized during Sysprep, causing it to fail. Recently, however, I've noticed that, despite being in Audit Mode, Windows is installing them anyway. I just had a Capture fail during Sysprep because of this.

For the time being I'm manually removing the affecting packages, but it doesn't seem sustainable. What can I do to stop this from happening? I've looked up all manner of Group Policy + Registry fixes, all of which are applied (and thus not working) at this point. It seems like 1709 has broken all of the previous fixes.

submitted by /u/Creath
[link] [comments]

    ext. Link anzeigen | ext. Link in deutsch (Testphase)

07.12.2017 22:10:00 Quelle:

Windows 10 und Server 2016 verschlanken mit dem Citrix Optimizer

Citrix OptimizerAuch wenn sich die Hardware-Anforderungen seit Windows 7 nicht nennens­wert erhöht haben, so schleppt das OS für bestimmte Umge­bungen immer noch zu viel Ballast mit. Das gilt vor allem für virtuelle Desk­tops, Terminal-Server oder leistungs­schwache PCs. Citrix Optimizer automa­tisiert das Entfernen un­nötiger Kompo­nenten.

der Autor auf            ext. Link anzeigen

06.12.2017 16:14:00 Quelle:

If anyone had trouble setting up Migadu Webmail with the Windows 10 Mail App, Ive made a short guide to help.

Setting up Migadu Email on Windows Mail

Setting up a Migadu email account on the Windows Mail app can be a little confusing as the names of the required fields differ to the official Migadu tutorial. I’ve written a short guide, mainly for myself as I successfully set the mail up once then forgot how to a few months later.

Hope it helps,


Navigate to ‘Internet email’

Open the app and click the small cog symbol (bottom left) to open the settings menu.

Then navigate to: Manage Accounts > Add Account > Advanced setup > Internet email

Fill in the Fields:

Email Address - Email Address of the Account you wish to set-up

Username - Email Address of the Account you wish to set-up

Password - Password on Migadu of the Account you wish to set-up

Account Name - Your Choice just be the display name of the account on the Mail App

Send your messages using this name - The Name prefixed before the email on messages (ex. John Smith

Incoming Email Server - enter '' (no quotes)

*Account Type - *select 'IMAP4'

Outgoing (SMTP) email server - enter '' (no quotes)

Outgoing Server requires authentication - Check

Use the same username and password for sending emails - Check

Require SSL for incoming emails - Check

Require SSL for outgoing emails - Check

If the guide no longer works or the names of fields are different; please let me know:


Twitter: @bror_charlie

submitted by /u/charlie_ewing
[link] [comments]

    ext. Link anzeigen | ext. Link in deutsch (Testphase)

06.12.2017 16:14:00 Quelle:

Cant restore a Windows 10 object in AD recycle bin

an attempt was made to modify an object to include an attribute that is not legal for its class deleted object

So in Google fu I found where someone else was missing the msDS-KeyCredentialLink in their Schema. So I checked, using powershell, every attribute I could associated with the deleted object, and every single one is accounted for. Any idea how to find what's missing?

submitted by /u/98cwitr
[link] [comments]

    ext. Link anzeigen | ext. Link in deutsch (Testphase)

06.12.2017 04:13:00 Quelle:

Am I missing something with the Surface Pro 4 + Surface Dock combo? Nothing but headaches in our deployment

I've got about 15 users so far running around with a Surface Pro 4 + a Surface Dock at their desks, and not a single one is without issues. As users have started reporting issues, I've been verifying that their dock firmware is up to date, but the ones that are still have an array of issues. We're talking:

  • Not activating USB ports
  • Not activating all of the monitors
  • Activating half of one monitor, never activating the second one
  • Not activating the Ethernet port

It seems any combination of Windows 10 versions with the dock up to date still leaves me with plenty of issues. We wanted a consistent experience for OTR users (and didn't want to have to buy them two workstations) but this is crazy. Half of them blue screen when users step out for lunch (seems they blue screen related to the Surface Ethernet driver, something about power state), including the CEO, with the other half doing at least 2 of the things from the list above every single day.

Have I missed a step here? I see lots of praise for the Surface Pro + the docks around here but I'm at the point where I want them out of the environment ASAP.

submitted by /u/Clutch_22
[link] [comments]

    ext. Link anzeigen | ext. Link in deutsch (Testphase)

06.12.2017 04:13:00 Quelle:

Lap-slabtop-mobes with Snapdragon Arm CPUs running Windows 10: We had a quick gander

Imagine a netbook with a SIM card. Bingo

Pics  Today, Qualcomm, Microsoft, Asus, HP Inc and Lenovo talked up their upcoming Arm-compatible, Snapdragon-powered three-in-one Windows 10 PCs.…

der Autor auf            ext. Link anzeigen | ext. Link in deutsch (Testphase)

05.12.2017 22:13:00 Quelle:

Chromebooks in Windows Domain?

Anyone integrating Chromebooks into your Windows domain? Any tips? Do you allow users to use their personal Google accounts, or do you setup generic Google accounts? Do you manage using System Center?

We are using mostly Windows 10, Server 2012 R2/2016, and System Center Current Branch (1706 right now). We use Office 365, not Google Apps. Just dipping our toes into this as more of our staff want to use laptops for notetaking at meetings both onsite and offsite during the day, and occasionally have work that can only be done through an app (one government service we need to use is not available as a web app, only via Android or iOS).

I've just bought one Lenovo Flex11e to test but I'd like to set it up the way that is most likely to work from the beginning. Eventually if this works out, I'll probably have 9-10 Chromebooks, or some inexpensive traditional laptops.

submitted by /u/nonprofittechy
[link] [comments]

    ext. Link anzeigen | ext. Link in deutsch (Testphase)

05.12.2017 04:12:00 Quelle:

(Microsoft) Infrastructure + Security: Noteworthy News (December, 2017-Part 1)

I know, I know... two posts in one day. I'm sorry. This one is more links, less content. These tend to get downvoted because of /r/sysadmin. :-)

Either way, I think they provide benefit as we can't see everything that gets posted and Stanislav tries to gather some of the most beneficial content for you.

Article Link:

Infrastructure + Security: Noteworthy News (December, 2017-Part 1)

Hello there! Stanislav Belov here to bring you the next issue of the Infrastructure + Security: Noteworthy News series!

As a reminder, the Noteworthy News series covers various areas, to include interesting news, announcements, links, tips and tricks from Windows, Azure, and Security worlds on a monthly basis. Enjoy!

Microsoft Azure

Transforming your VMware environment with Microsoft Azure

Microsoft on November 21, 2017, announced new services to facilitate your VMware migration to Azure.

  • On November 27, 2017, Azure Migrate, a free service, will be broadly available to all Azure customers. Azure Migrate can discover your on-premises VMware-based applications without requiring any changes to your VMware environment.
  • Integrate VMware workloads with Azure services.
  • Host VMware infrastructure with VMware virtualization on Azure.

Free e-book download: Enterprise Cloud Strategy

In the second edition of the Enterprise Cloud Strategy e-book, we’ve taken the essential information for how to establish a strategy and execute your enterprise cloud migration and put it all in one place. This valuable resource for IT and business leaders provides a comprehensive look at moving to the cloud, as well as specific guidance on topics like prioritizing app migration, working with stakeholders, and cloud architectural blueprints. Download now.

Azure Hybrid Benefit for Windows Server

For customers with Software Assurance, Azure Hybrid Benefit for Windows Server allows you to use your on-premises Windows Server licenses and run Windows virtual machines on Azure at a reduced cost. You can use Azure Hybrid Benefit for Windows Server to deploy new virtual machines from any Azure supported platform Windows Server image or Windows custom images. As long as the image doesn’t come with additional software such as SQL Server or third-party marketplace images.

... Continue Azure on the Article Link...

Windows Server

Why use Storage Replica?

Storage Replica offers new disaster recovery and preparedness capabilities in Windows Server 2016 Datacenter Edition. For the first time, Windows Server offers the peace of mind of zero data loss, with the ability to synchronously protect data on different racks, floors, buildings, campuses, counties, and cities. After a disaster strikes, all data will exist elsewhere without any possibility of loss. The same applies before a disaster strikes; Storage Replica offers you the ability to switch workloads to safe locations prior to catastrophes when granted a few moments warning – again, with no data loss.

Storage Replica may allow you to decommission existing file replication systems such as DFS Replication that were pressed into duty as low-end disaster recovery solutions. While DFS Replication works well over extremely low bandwidth networks, its latency is very high – often measured in hours or days. This is caused by its requirement for files to close and its artificial throttles meant to prevent network congestion. With those design characteristics, the newest and hottest files in a DFS Replication replica are the least likely to replicate. Storage Replica operates below the file level and has none of these restrictions.

Windows Client

Announcing Windows 10 Insider Preview Build 17035 for PC

Microsoft on November 8, 2017, released Windows 10 Insider Preview Build 17035 for PC to Windows Insiders in the Fast ring and for those who opted in to Skip Ahead. The new build features an ability to mute a tab that is playing media in Microsoft Edge, an ability to wirelessly share files and URLs to nearby PCs using the Near Share feature, improvements to Windows Update, and more.

Move away from passwords, deploy Windows Hello. Today!

Since Windows 10 originally released we have continued to make significant investments to Windows Hello for Business, making it easier to deploy and easier to use, and we are seeing strong momentum with adoption and usage of Windows Hello. As we shared at Ignite 2017 conference, Windows Hello is being used by over 37 million users, and more than 200 commercial customers have started deployments of Windows Hello for Business. As many would expect, Microsoft currently runs the world’s largest production, with over 100,000 users; however, we are just one of many running at scale, the second largest having just reached 25,000 users.

Finish the rest at the article link.

Please let me know if you have any questions here or at the article link.

Until next week - /u/gebray1s

submitted by /u/pfeplatforms_msft
[link] [comments]

    ext. Link anzeigen | ext. Link in deutsch (Testphase)

05.12.2017 04:11:00 Quelle:

Project Honolulu 1711: Integration von PowerShell und RDP, Management von Windows 10

Projekt HonoluluMicrosoft veröffent­lichte eine weitere Preview seiner Web-basierten Management-Tools für Windows. Sie sind nun in der Lage, eine RDP- oder eine Power­Shell-Verbin­dung zu den verwal­teten Remote-PCs aufzu­bauen. Außer­dem unter­stützen sie nun auch Client-Systeme und dienen dort als Alter­native zur Computer­verwaltung.

der Autor auf            ext. Link anzeigen

04.12.2017 22:13:00 Quelle:

From the graaaaaave! WileyFoxs Windows 10 phone delayed again

Yeah, the WinMobe is somehow still a thing

WileyFox's Windows 10 Mobile – yes, you read that correctly – has been delayed again, and will now bump into Santa doing his rounds early.…

der Autor auf            ext. Link anzeigen | ext. Link in deutsch (Testphase)

04.12.2017 22:13:00 Quelle:

(Microsoft) Simple PowerShell Network Capture Tool

Good afternoon all! We have quite an interesting post today around remote packet captures.

While I can promise that this should help you perform the packet capture, I can't teach you to read it.

As always, please leave questions here or in the..

Article Link:

Simple PowerShell Network Capture Tool

Hello all. Jacob Lavender here again for the Ask PFE Platforms team to share with you a little sample tool that I’ve put together to help with performing network captures. This all started when I was attempting to develop an effective method to perform network traces within an air gapped network. My solution had to allow me to use all native functionality of Windows without access to any network capture tools such as Message Analyzer, NETMON, or Wireshark. In addition, I’d need to be able collect the trace files into a single location and move them to another network for analysis.

Well, I know the commands. The challenge is building a solution that junior admins can use easily. Several weeks later I found the need for it again with another customer supporting Office 365. This process resulted in the tool discussed in this post.

Time and time again, it seems that we’ve spent a great deal of effort on the subject of network captures. Why? Because one of the first questions a PFE is going to ask you when you troubleshoot an issue is whether you have network captures. Same is true when you go through support via other channels. We always want them, seem to never get enough of them, and often they are not fun to get, especially when dealing with multiple end points.

So, let’s briefly outline what we’re going to cover in this discussion:

  • Topic #1: How to get the tool.
  • Topic #2: Purpose of the tool.
  • Topic #3: Requirements of the tool.
  • Topic #4: How to use the tool.
  • Topic #5: Limitations of the tool.
  • Topic #6: How can I customize the tool?
  • Topic #7: References and recommendations for additional reading.

Compatible Operating Systems:

  • Windows 7 SP1
  • Windows 8
  • Windows 10
  • Windows Server 2008 R2
  • Windows Server 2012 R2
  • Windows Server 2016

Topic #1: Where can I get this tool?

Topic #2: What is the purpose of this tool as opposed to other tools available?

This certainly should be the first question. This tool is focused toward delivering an easy to understand approach to obtaining network captures on remote machines utilizing PowerShell and PowerShell Remoting.

I often encounter scenarios where utilizing an application such as Message Analyzer, NETMON, or Wireshark to conduct network captures is not an option. Much of the time this is due to security restrictions which make it very difficult to get approval to utilize these tools on the network. Alternatively, it could be due to the fact that the issue is with an end user workstation who might be located thousands of miles from you and loading a network capture utility on that end point makes ZERO sense, much less trying to walk an end user through using it. Now before we go too much further, both Message Analyzer and Wireshark can help on these fronts. So if those are available to you, I’d recommend you look into them, but of course only after you’ve read my entire post.

Due to this, it is ideal to have an effective method to execute the built-in utilities of Windows. Therein lies NetEventSession and NETSH TRACE. Both of these have been well documented. I’ll point out some items within Topic #7.

The specific target gaps this tool is focused toward:

  • A simple, easy to utilize tool which can be executed easily by junior staff up to principle staff.
  • A means by which security staff can see and know the underlying code thereby establishing confidence in its intent.
  • A lite weight utility which can be moved in the form of a text file.

With that said, this tool is not meant to replace functionality which is found in any established tool. Rather it is intended to provide support in scenarios where those tools are not available to the administrator.

Topic #3: What are the requirements to utilize this tool?

1.An account with administrator rights on the target machine(s).

2.An established file share on the network which is accessible by both

The workstation the tool is executed from, and

The target machine where the trace is conducted

3.Microsoft Message Analyzer to open and view the ETL file(s) generated during the trace process.

Message Analyzer does not have to be within the environment the traces were conducted in. Instead, the trace files can be moved to a workstation with Message Analyzer installed.

  1. Remote Management Enabled:

winrm quickconfig


Note: Technically, we don’t have to have Message Analyzer or any other tool to search within the ETL file and find data. However, to do so, you must have an advanced understanding of what you’re looking for. Take a better look at Ed Wilson’s great post from the Hey, Scripting Guy! Blog:

Topic #4: How do I use this tool?

Fortunately, this is not too difficult. First, ensure that the requirements to execute this tool have been met. Once you have the tool placed on the machine you plan to execute from (not the target computer), execute the PS1 file.

PFE Pro Tip: I prefer to load the file with Windows PowerShell ISE (or your preferred scripting environment).

Note: You do not have to run the tool as an administrator. Rather, the credentials supplied when you execute the tool must be an administrator on the target computer.

Additional Note: The tool is built utilizing functions as opposed to a long script. This was intentional as to allow the samples within the tool to be transported to other scripts for further use – just easier for me. While I present the use of the tool, I’ll also discuss the underlying functions.

Now, that I have the tool loaded with ISE, let’s see what it looks like.

1.The first screen we will see is the** legal disclaimer**. These are always the best. I look forward to executing tools and programs just for the legal disclaimers. In my case, I’m going to accept. I will warn you that if you don’t accept, then the tool will exit. I’m sure you’re shocked.

Picture 1

2.Ok, now to the good stuff. Behind the scenes the tool is going to clear any stored credentials within the variable $credentials. If you have anything stored in that variable within the same run space as this script, buckle up. You’re going loose it. Just FYI.

3.Next, the tool is now going to ask you for the credentials you wish to use against the target computer. Once you supply the credentials, the tool is going to validate that the credentials provided are not null, and if they are not, it will test their validity with a simple Get-ADDomain query. If these tests fail, the tool will wag the finger of shame at you.

Picture 2


Continue the article here.

Until next time (later today, with our monthly link roundup)...


submitted by /u/pfeplatforms_msft
[link] [comments]

    ext. Link anzeigen | ext. Link in deutsch (Testphase)