Dynamic Lock in Windows 10 (Coming in Creators Update)

We always see computers left unattended and unlocked at the workplace and, even worse, in public places like coffee shops. In the Windows 10 Creators Update, Microsoft has introduced Dynamic Lock. Once your phone is paired with Windows 10 over Bluetooth, an option to lock the computer automatically when you walk away becomes available.

If you have the Insider Preview today, you can test this by going to Settings > Accounts > Sign-in options and toggling Dynamic lock to “on”. Make sure your phone is paired to your computer first.

For the Enterprise, Dynamic Lock can also be enforced via Group Policy.

Windows Defender ATP – Onboarding Endpoint with Configuration Manager 1606 or higher

To review Windows 10 endpoints (Anniversary Update or higher) in Windows Defender ATP, you first need to onboard them. There are several ways to do so, including scripts, Group Policy, Intune, and Configuration Manager 2012 through current branch 1602. Configuration Manager current branch 1606 adds integrated Windows Defender ATP support, so the onboarding policies can be deployed and monitored from the console.

  1. To get started, log in to the Windows Defender ATP portal to download the policies: https://securitycenter.windows.com/download
  2. From the Select your deployment tool drop-down, select System Center Configuration Manager (current branch) version 1606.
  3. This downloads a ZIP file with the onboarding package. Unzip it to a location you can reach from ConfigMgr.
  4. Under Assets and Compliance, expand Endpoint Protection, where you will see Windows Defender ATP Policies. Select Windows Defender ATP Policies and click Create Windows Defender ATP Policy from the toolbar or the right-click menu.
  5. Follow the wizard to import the onboarding file you downloaded from the site. (Note: the screenshot shows offboarding, but it should be onboarding.)
  6. Once done, you will see the policy in the console. Right-click it, or use the toolbar, and click Deploy.
  7. You can do this for off-boarding as well: from the same site, download the off-boarding package and follow the steps above to import it into ConfigMgr.

Quick Assist in Windows 10

Microsoft, in the latest Insider Previews, has introduced (or reintroduced) Quick Assist. Quick Assist is a remote desktop tool for assisting other users with Windows 10 or its apps. This can be very useful for businesses helping remote users, or for IT folks trying to help friends and family.

From the Start Menu, go to Windows Accessories and you will see the desktop app called Quick Assist. Currently I have build 10.0.14393, which has this application.

  1. Click Quick Assist and click Give assistance.
  2. You will be asked to sign in to the Microsoft Account (MSA, Live, Hotmail, Outlook.com, etc.) that you have registered.
  3. Once you sign in, you will get the Share security code dialog with a code. (* I have crossed out the code here. Even though it will not work after it expires, I wanted to play it safe.)
  4. You can copy it to the clipboard, send an email, or provide instructions.
  5. Now tell the user how to use the code so they can let you remote in.

Remote User

  1. Open the Start menu and select All apps > Windows Accessories > Quick Assist.
  2. Select Get assistance and follow the instructions.
  3. If User Account Control appears, select Yes to continue.
  4. After the steps are completed, please wait a few minutes for your devices to connect.

You will see it connecting, and the remote user will need to click Allow to give access.

Configuration Manager 1602 Changes – Part 1

Here are a few new items in the 1602 branch of Configuration Manager:

  1. A new option in Software Center that allows the user to poll the user and machine policies (without going through the Control Panel applet). In Software Center (after the new client push), a Sync Policy button has been added to the Options > Computer Maintenance page.
  2. Windows 10 Device Health Attestation. This can be enabled in Administration > Overview > Client Settings under Computer Agent. To view the device health attestation view, in the Configuration Manager console go to the Monitoring workspace, click the Security node, and then click Health Attestation.
  3. Configuration Manager sites that run version 1602 or later support the in-place upgrade of the site server's operating system from Windows Server 2008 R2 to Windows Server 2012 R2. Before you upgrade to Windows Server 2012 R2, you must uninstall WSUS 3.2 from the server.
  4. New filter options are available for Windows 10 servicing plans that allow you to filter by Language, Required, and Title. Only upgrades that meet the specified criteria will be added to the associated deployment. Prior to this change, all upgrades were downloaded regardless of language or SKU.

Disable Wi-Fi Sense – Windows 10

Option 1.

Set the DWORD value AutoConnectAllowedOEM to 0 under the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config.

You can do this via a login script, or during a task sequence in Configuration Manager or MDT (after the image is installed), with the following command (the /f switch suppresses the overwrite prompt, which would otherwise stall an unattended script):

reg add HKLM\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config /t REG_DWORD /v AutoConnectAllowedOEM /d 0 /f

Option 2.

Modify Unattend.xml to add the Microsoft-Windows-WiFiNetworkManager component and set WiFiSenseAllowed to 0.

Option 3.

For Windows 10 version 1511 or later, configure the Group Policy setting “Allow Windows to automatically connect to suggested open hotspots, to networks shared by contacts, and to hotspots offering paid services” under Computer Configuration\Administrative Templates\Network\WLAN Service\WLAN Settings.
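The following PowerShell is an added example, not code from the original post: it audits the Option 1 registry setting before touching it and then applies it idempotently, which is what you want in a login script or task sequence that will run on every machine repeatedly. It assumes only the key and value named above (HKLM\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config, AutoConnectAllowedOEM = 0); the function names are mine.

```powershell
# Added example (not part of the original post): audit and enforce the Wi-Fi Sense
# setting from Option 1. Assumes the key and value the post names:
#   HKLM\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config
#   AutoConnectAllowedOEM (REG_DWORD) = 0
$script:WiFiSenseKey   = 'HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config'
$script:WiFiSenseValue = 'AutoConnectAllowedOEM'

function Get-WiFiSenseState {
    # Read-only audit. Returns an object with a Compliant flag; a missing key or
    # missing value is reported as non-compliant rather than as an error, because
    # "not set" means Wi-Fi Sense is still allowed.
    $name    = $script:WiFiSenseValue
    $current = $null
    if (Test-Path -Path $script:WiFiSenseKey) {
        $item = Get-ItemProperty -Path $script:WiFiSenseKey -Name $name -ErrorAction SilentlyContinue
        if ($null -ne $item) { $current = [int]$item.$name }
    }
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Key          = $script:WiFiSenseKey
        Value        = $name
        Current      = $current          # $null = value not present
        Compliant    = ($current -eq 0)  # only an explicit 0 counts as disabled
    }
}

function Set-WiFiSenseDisabled {
    # Idempotent equivalent of the reg add command above, with -WhatIf/-Confirm
    # support so it can be dry-run before going into a script or task sequence.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    if (-not (Test-Path -Path $script:WiFiSenseKey)) {
        if ($PSCmdlet.ShouldProcess($script:WiFiSenseKey, 'Create registry key')) {
            New-Item -Path $script:WiFiSenseKey -Force | Out-Null
        }
    }
    $target = "$($script:WiFiSenseKey)\$($script:WiFiSenseValue)"
    if ($PSCmdlet.ShouldProcess($target, 'Set REG_DWORD to 0')) {
        Set-ItemProperty -Path $script:WiFiSenseKey -Name $script:WiFiSenseValue -Value 0 -Type DWord
    }
    Get-WiFiSenseState
}

# Usage (run elevated): audit first, remediate only when needed, and leave a
# before/after record for the deployment log.
$before = Get-WiFiSenseState
if ($before.Compliant) {
    Write-Output "Wi-Fi Sense already disabled on $($before.ComputerName)"
} else {
    Write-Output "Wi-Fi Sense not disabled on $($before.ComputerName) (current value: $($before.Current)); remediating"
    Set-WiFiSenseDisabled -Verbose
}
```

Get-WiFiSenseState on its own is also a convenient read-only check to run across a fleet, so you can see which machines were imaged before the setting was added to the task sequence.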

MDT 2013 Update 2 Now Available

Microsoft has just released an update to MDT 2013 today as Update 2. Update 1 provided Windows 10 support (a Windows 10-capable ADK is still needed). Update 2, as stated in the blog, does not add major new features but adds some improvements to existing features and functionality.

http://blogs.technet.com/b/msdeployment/archive/2015/12/22/mdt-2013-update-2-now-available.aspx

@jparekh_tech (Twitter)
jparekh at netrixllc dot com
www.desktopguy.com

MDM in Windows 10

Built-In Mobile Device Management capabilities in Windows 10

The MDM capabilities provided in Windows cover the complete lifecycle of the device.

  • Enrollment capabilities to automate the MDM enrollment of the device as part of the Azure Active Directory join process.
  • New controls for configuring and managing the Start menu.
  • New controls over Windows updates, allowing you to control when specific Windows updates are deployed to MDM-managed devices (think “WSUS from the cloud”).
  • New AppLocker and Enterprise Data Protection configuration settings.
  • Integration with the Windows Store and the Business Store Portal (BSP) to enable automated app management.
  • Full device wipe capabilities, even for PCs.

These capabilities are supported on all types of devices, including Windows phone devices, PCs and tablets, and Internet-of-Things (IoT) devices.


Setup Windows Hello with Intel RealSense 3D Camera F200

A quick video to show you how easy it is to set up Windows Hello with the right supported camera. For this, I am using the Intel RealSense 3D Camera, available direct from Intel. PC manufacturers like Dell have already announced that their laptops will have this technology built in specifically for Windows Hello, as shown here.

For more information on Windows Hello, please visit:

http://windows.microsoft.com/en-us/windows-10/getstarted-what-is-hello

To read more or order the camera from Intel, go to:

http://www.intel.com/content/www/us/en/architecture-and-technology/realsense-overview.html

Windows 10 Enterprise with Software Assurance

As I mentioned in a previous post, with the Windows 10 launch, MDOP is now included as an SA benefit and is no longer a separate add-on. This post explains Windows 10 Enterprise features with Software Assurance.

Windows 10 Enterprise edition includes:

  • Granular UX Control: IT is able to customize and lock down the user experience of a Windows device for task workers, kiosks, and IoT/embedded type functions using device management policies.
  • Pass the Hash Mitigations: the ability to store derived credentials (i.e. NTLM hashes and Kerberos tickets) and the process that manages them (i.e. the Local Security Authority Subsystem Service, LSASS) in a Hyper-V protected environment called “Virtual Secure Mode (VSM)”. VSM provides hardware-based isolation and protection of derived credentials and prevents them from being stolen or misused even if the Windows kernel is fully compromised. This capability prevents Pass the Hash (PtH) attacks, which enable an attacker to impersonate a user on the network.
  • Device Guard: Device Guard locks down the device so that it can only run trustworthy executable code (e.g. .exe, .dll), meaning code signed by a trusted authority. Device Guard can be used in combination with AppLocker, which is also included in the Enterprise Edition. In this case AppLocker can be used to define which apps, from a vendor whose signature has been added to the trust list, can run on a device.
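Deploying the VSM policy is only half the job: if a machine lacks the firmware or hardware prerequisites, the policy sits there configured while LSASS secrets remain unprotected. The PowerShell below is an added example, not code from the original post, that reports whether the VSM protections just described are actually running. It assumes the Win32_DeviceGuard CIM class in the root\Microsoft\Windows\DeviceGuard namespace and Microsoft's documented meaning of its status codes (1 = Credential Guard, the name under which the LSASS isolation shipped; 2 = HVCI, the hypervisor-enforced code integrity component of Device Guard); the function names are mine.

```powershell
# Added example (not part of the original post): report whether the Virtual Secure Mode
# protections are actually running. Assumptions: the Win32_DeviceGuard CIM class in
# namespace root\Microsoft\Windows\DeviceGuard, and Microsoft's documented status codes:
#   VirtualizationBasedSecurityStatus: 0 = not enabled, 1 = enabled but not running, 2 = running
#   SecurityServicesRunning / SecurityServicesConfigured: 1 = Credential Guard, 2 = HVCI
# Verify those codes against the documentation for your build before relying on them.
function Get-VsmProtectionStatus {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard' -ErrorAction Stop

    $vbsRunning = ($dg.VirtualizationBasedSecurityStatus -eq 2)
    $running    = @($dg.SecurityServicesRunning)
    $configured = @($dg.SecurityServicesConfigured)

    [pscustomobject]@{
        ComputerName                = $env:COMPUTERNAME
        VbsRunning                  = $vbsRunning
        # Credential Guard = VSM isolation of LSASS secrets (the Pass-the-Hash mitigation)
        CredentialGuardConfigured   = ($configured -contains 1)
        CredentialGuardRunning      = ($vbsRunning -and ($running -contains 1))
        # HVCI = hypervisor-enforced code integrity, the Device Guard enforcement component
        HvciConfigured              = ($configured -contains 2)
        HvciRunning                 = ($vbsRunning -and ($running -contains 2))
        # Firmware/hardware prerequisites the platform reports as available (raw codes)
        AvailableSecurityProperties = @($dg.AvailableSecurityProperties)
    }
}

function Test-DerivedCredentialIsolation {
    # The finding that matters operationally is "configured but not running": the policy
    # was deployed, but a missing prerequisite (UEFI, Secure Boot, virtualization
    # extensions, ...) means LSASS secrets are NOT isolated and the PtH mitigation is absent.
    $s = Get-VsmProtectionStatus
    if ($s.CredentialGuardRunning) { return $true }
    if ($s.CredentialGuardConfigured) {
        Write-Warning ("Credential Guard configured but not running on {0}; available security properties: {1}" -f
            $s.ComputerName, ($s.AvailableSecurityProperties -join ', '))
    } else {
        Write-Warning "Credential Guard is not configured on $($s.ComputerName)"
    }
    return $false
}

# Usage: run on a Windows 10 Enterprise machine (or remotely via Invoke-Command) and
# keep the output with your inventory; the boolean from Test-DerivedCredentialIsolation
# is suitable as the discovery result of a ConfigMgr configuration item.
Get-VsmProtectionStatus | Format-List
Test-DerivedCredentialIsolation
```

Treat a "configured but not running" result as a finding to fix, not a cosmetic one: until VBS is running, the NTLM hashes and Kerberos tickets on that machine are exactly as exposed as on a pre-Windows 10 client.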

Below graphic shows the benefit of the Enterprise SKU along with Software Assurance.

[Graphic: benefits of the Enterprise SKU with Software Assurance]

Windows 10 Works with Existing Infrastructure

Deploying and managing Windows 10 in your business does not require upgrading your client management infrastructure. Use your existing SCCM and Windows Server investments to deploy and manage the new Windows 10, which has now been officially released. See the matrix below for compatibility information. Also note that a new version of System Center Configuration Manager is in the works which will offer new capabilities related to Windows 10 features, but it is not needed to get Windows 10 out to your users today!

[Matrix: Windows 10 compatibility with existing SCCM and Windows Server versions]
