Search This Blog

Saturday, April 30, 2016

Prevent installing Candy Crush, Twitter and other apps from Windows 10


One of my customers was noticing what at first seemed weird problem - unwanted apps like Twitter and Candy Crush appear on Windows 10 soon after the OS was installed.

This actually is a feature by design from Microsoft, and if you want to turn it of, you should use this group policy value:
Computer Configuration –> Administrative Templates –> Windows Components –> Cloud Content” called “Turn off Microsoft consumer experiences”: Enabled

More info here

Friday, April 29, 2016

Windows 10 updates and upgrades explained

There is still a lot of confusion when question comes to Windows 10 updates and upgrades in coorporate environemnt.
So here is my short explanation.
Windows 10 has two update types:
  1. Feature updates (also known as ugprades), these add new features to Windows 10 operating system and upgrade the OS build;
  2. Servicing updates. These are regular security and reliability updates and they are similar to what we have seen in previous Windows OSes.

Windows 10 has three different configuration options, they differ how feature and servicing updates are received:

  1. Current Branch (CB). This option receives feature updates immediately. Servicing updates (this includes security updates) for this option are available for approximately four months. So you must upgrade to next CB build to stay supported and receive servicing updates.
  2. Current Branch for Business (CBB). Feature updates are received approximately four months later than CB. Servicing updates are available for at least eight months.
  3. Long Time Servicing Branch (CBB). Does not receive feature updates. Servicing updates are available for at least ten years. This options is only available if you use Windows 10 Enterprise.

Friday, April 22, 2016

Enable Remote Desktop remotely (through registry or by disabling Windows Firewall)

It is hard situation when you know the server is on but cannot connect to it because Remote Desktop is not enabled.
There are two thing you can do:
1) If you are able to connect to server through Remote Registry, then navigate to
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server
key, find fsDenyTSConnections value and change the it to 0
2) If the computer is domain joined then it is possible to create a group policy which disables Windows Firewall.
Computer Config > Administrative Templates > Network > Network connections > Windows Firewall > Domain Profile  > Windows Firewall: Protect all network connections = Disabled 

Then you will have to wait 60-90 for the group policy to apply and hopefully you will be able to connect afterwards.

Wednesday, April 20, 2016

Install SCCM client on a DMZ / Workgroup machine

I know many people who have struggled with this, but I hope that this quick manula will make this easier.

To install SCCM on DMZ / Workgroup machine first make sure that client can communicate with SCCM server or other roles - that is open port 80/443 to management point, 445 to distribution point and 8530/8531 to software update point. There could be others also depending on the SCCM architecture.

Second, follow this steps on DMZ / Workgroup machine:
1. In the %windir%\system32\drivers\etc\hosts file add following entry:
ip-address management point FQDN

example: sccm.contoso.local

2. In %windir%\system32\drivers\etc directory copy lmhosts.sam file and name it as lmhosts (without extension)
3. In lmhosts file add these entries:
ip-address SCCM Server Netbios name #PRE
ip-address SMS_SLP \0x1A" #PRE
ip-address MP_SMSSiteCode  \0x1A" #PRE

example: SCCM #PRE "SMS_SLP \0x1A" #PRE "MP_001  \0x1A" #PRE

4. The last step is to install client. Copy install files to local directory and run setup with following command:

XXX is site code
MP-FQDN is management point FQDN

Tuesday, April 19, 2016

Include search folder when executing file from command line

Here is a little tweak which can sometimes help.
When you open command prompt and execute a program, Windows searches in some directories to find this program.
If You want to add a custom folder to search for a program, you can do this by modifying the system PATH variable.
Just go to Control Panel - System - Advanced System Settings - Environemental Variables

Find PATH, select Edit and append necessary folder in the end.

Saturday, April 16, 2016

Migrate SharePoint lists with attachments to SharePoint Online

Who would ever imagine that I will have to help with migrating SharePoint data, but that happened recently.
So there were SharePoint lists with lots of items and attachments which needed to be migrated to SharePoint Online.
This is how I did migration.
First I got Office 64-bit with Access, to process files larger than 2 GB. After that:
1) Open list, then select List - Open With Access
2) Wait for the list to be opened in Access, this could take really long if the list is huge. But you can see that Access file is growing, just to make sure that process hasn't stopped
3) Final step is to export data to SharePoint Online. So in Access choose External Data -> Export -> More -> SharePoint list, selec destination SharePoint site and list name and click OK

If the list is really huge, then process will be really slow and progress bar will stop, but again you can see in Windows Task Manager that there is action in networking thus making sure that process hasn't stopped.

Friday, April 15, 2016

Stop Windows 10 upgrade notifications

Microsoft is trying to push Windows 10 by all means.
It's a good thing if you are a home user and get a free upgrade.

But it is just opposite in corporate environment, where every business app and device needs to be tested before rolling out changes and especially an OS upgrade.

Here is a Microsoft KB article, which describes how to manage Windows 10 Upgrade notifications 

In short - you can disable upgrade notifications in two ways:
1) Use this group policy setting Computer Configuration / Administrative Templates / Windows Components / Windows Update Policy / Turn off the upgrade to the latest version of Windows through Windows Update

2) Deploy this registry value:
Subkey: HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
DWORD value: DisableOSUpgrade = 1

Thursday, April 14, 2016

DPM error 0x80042306 after attaching missing disk

Our DPM server has local storage and a disk attached through FC.
Something went wrong in FC infrastructure and FC disk dissappeared for a while and we got error "Missing Disk" in DPM. We resolved issue with FC, restarted DPM and everything seemed to be ok.
But this is where interesting things started...

Backup job which used FC disk started to fail. DPM showed error:
An unexpected error occurred on DPM server machine during a VSS operation. (ID 207 Details: VssError:The shadow copy provider had an error. Check the System and Application event logs for more information.

and there was this error in event log
 Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volumeguid} - 0000000000000308,0x0053c06c,0000000DEAF120F0,0,0000000DEAF1E1B0,4096,[0]). hr = 0x80070005, Access is denied.

after a bit of struggling I found this KB article, luckily it was for Windows Server 2012 and we had Windows Server 2012.
Hotfix was installed, server restarted and I almost started to clap hands, but backup jobs still failed unfortunately, this time with error 
An unexpected error occurred on DPM server machine during a VSS operation. (ID 207 Details: VssError:The specified object was not found.

As there were not many protected resource on the FC disk, the easiest way was to recreate the affected protection groups.

Wednesday, April 13, 2016

Enable/disable Internet Explorer Add-ons with group policy

Today I ran into Internet Explorer problem which was caused by buggy IE add-on. So I needed to disable it with group policy.
This is how you can controle IE add-ons with group policy:
1) Navigate to User Configuration - Policies - Administrative Templates - Windows Components - Internet Explorer - Security Features - Add-on Management
2) Click Add-on List, select Enabled
3) Add Values
Value name: this should be the ID of add-on. You can find this value in IE, in "Manage Add-ons" menu, choose necessary add-on, double-click it and Class ID value is what you are looking for.
0 - means disabled and user cannot control it
1 - means enabled and user cannot control it
2 - means enabled and user can control it

It should like something like this:

Tuesday, April 12, 2016

Office 365 version 16.0.6741.2021 high CPU usage in Excel

I am using Office 365 (v2016) for my daily work and to get the latest updates I am in Current Branch.

Today I exprienced the down side of Current Branch - all of a sudden Excel was starting to consume high CPU usage, even when no actual work was done there.

I checked Office version in File - Account - About Excel and noticed that Office version was 16.0.6741.2021.
Google didn't show any issues, so I just upgraded to latest Office 365 version and the issue disappeared.

So go to File - Account - Update Options - Update Now and update.

Friday, April 8, 2016

Windirstat does not show all used disk space

I had a problem when disk space was disappearing for one server. I had deleted and stopped all logs and but the disk space still was getting less each day.
Usually I used WinDirStat tool to find what is filling the disk. This time it didn't help. Also tried running it as administrator, but still no luck.
I googled around and found tool called SpaceSniffer, which helped me to find necessary information. This time "System Volume Information" had eaten all the space. I resolved this by enablig/disabling shadow copies on the problematic volume.

Wednesday, April 6, 2016

New Feature: Add more deployments to automatic deployment rule in SCCM Current Branch

Hi there!

Just wanted to mention a small, but useful improvement to software update automatic deployment rules (ADR) in SCCM Current Branch.
It is possible to create more than one deployment for a single ADR. Just right-click the ADR and select Add Deployment

This is usefule if you want to deploy same patches at first for test collection and then for production collection, but using different schedule and other options.

SCCM Auto-deployment rule deployed as available


Auto-deploy rules to deploy updates is a cool feature because it automates rutine tasks and it was introduced in SCCM 2012.
I wanted to use auto-deploy rules to deploy updates to servers as available. Unfortunetely, this is not possible.

But fortunately there is a workaround - set deadline long time in future (it is possible to set max 12 months).
If auto-deploy rule is set to evaluate each month and set to append existing update group, it will always extend installation deadline and thus never install updates. But it will be possible to go to server and install updates manually!

Friday, April 1, 2016

Shared Calendars updating slowly in Exchange Online (Office 365)

Recently our company email got moved to Office 365 (Exchange Online).
After email was moved I noticed that shared calendars where updating really slowly, it took about two minutes to show details in shared calendar.

Unchecking this option, solved the issue:
File- Account Settings - Account Settings - Change(email tab) - More Settings - Advanced Tab - Download shared folders