Search This Blog

Friday, January 31, 2020

New feature in Notepad starting from Windows 10 v1903

Yes, you read correctly. Microsoft has made an improvement in Notepad - starting from Windows 10 v1903, you will see an asterisk on the top left corner in Notepad, when you have unsaved changes.

It looks like this:

Yes, this really is a surprise from Microsoft!

Wednesday, January 29, 2020

Azure AD Password Protection together with Active Directory

Azure AD Password Protection is a cool feature which prevents the use of simple passwords, for example Summer1234, such password would satisfy the complexity requirements and usually length requirements, but still is pretty easy to guess.
The good news is that Active Directory can be integrated with Azure AD Password Protection feature.
I will be posting a step-by-step guide how to configure integration between AD and Azure AD Password Protection in near future, but for now here is a brief overview:

  1. You need Azure AD Premium P1 or P2 licences to use Azure AD Password Protection in your on-prem AD.
  2. There is a DC agent, which needs to be installed on every domain controller.
  3. There is a Proxy agent which needs to be installed on member server that has access to internet.
  4. DC agent talks to Proxy agent over RPC.
  5. Proxy agent connects to Azure AD Password Protection service over HTTPS.
  6. Azure AD Password Protection can be enabled in audit mode.
  7. Azure AD Password Protection banned password dictionary does not contain localized (non-English) words at this time.
  8. You can add your custom banned-word list.
  9. Custom words do not have to exact match, they can be part of password. For example, if you add "justforadmins" to the banned list, then "justforadmins123" will also be denied.
  10. Blocked passwords change attempts are logged in the domain controllers event log, there are different events if restriction comes from global blocklist or your custom blocklist.
  11. Azure AD Password Protection is not a real-time feature, it updates once in an hour. So, if you add your custom banned password, then this change will be updated to domain controllers in an hour or so.
If you do have any questions, feel free to comment.

Thursday, January 23, 2020

SOLVED: Office 365 ProPlus Sign-In "Your request can't be completed right now"

For one of my customers we were facing a strange issue - sign-in in Office 365 desktop applications (Word, Excel, PowerPoint) was not working, it looked like this:


When clicking Sign-in, entering user name and password, it told that Your request can't be completed right now.
We were using federated authentications, there were no errors in ADFS logs. A quick Google-ing suggested that Azure AD Conditional access could be blocking the sign-in, but in Azure AD there were now Conditional Access policies enabled.

After some struggling, I found out that there are Classic conditional access policies and indeed once disabling them the issue was solved. Be sure to check these also!


Monday, January 20, 2020

Is it possible to save customized columns view in Microsoft Intune portal?

Intune is starting to become a solid product, but sometimes still lacking some basic functionality.

For example if you go to Intune Portal (https://devicemanagement.microsoft.com/) All Devices and open the Devices view, then you will be shown default view of devices with default columns. You can customize the view to add or remove the displayed columns. But.. unfortunately there is no way to save your customized view, meaning if you close the view and come back to devices, you will need to customize the view again.

These has been asked in UserVoice, but still has not been implemented:
https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/38967298-save-customized-column-view-devices-all-device

https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/32269477-save-column-and-filters-for-later-use

I will post in if there are any updates!


Saturday, January 18, 2020

Google Chrome automated configuration options (policies) for all platforms

Nowadays there is a great chance that you need some kind of centralized management for Google Chrome browser.
Google has done a great job to summarize all available configuration options. You can check all the available options here https://cloud.google.com/docs/chrome-enterprise/policies/.
It is very easy to search settings based on platform (Windows, Android, Mac, Linux) or Chrome version.



Thursday, January 16, 2020

How to delete (not unpublish, but delete) an application from Google Play Console

I was working in an Intune project where we had to publish a private application to Google Play and then further to Intune managed devices. For one application we needed to publish under different Google Play account and we found out that it is impossible, because package names were the same and there cannot be two applications with the same package name.

Obviously, the first idea was to delete the application from the wrong account, but there was no such option. Event worse - some googling around suggested that there is no way to delete an application, it could just be unpublished, which prevented new installs, but left the application in the Google Play Console.

The solution came unexpectedly, I was submitting a ticket to Google Support and saw an option to request app deletion. It mentioned that it was required to have zero lifetime installs to unpublish the app, but I went forward and tried my luck.

Luckily Google Support said that an app can be deleted if it is in Unpublished state for more than 24 hours. Google Support asked to approve the deletion request from the email which owns the Google Play Console and once that was done, the app was deleted after several hours and could be published under the correct account.

Hurray!

Tuesday, January 14, 2020

Read receipts in Microsoft Teams finally released!

Today I received the Microsft Teams update (version 1.2.00.34161), the popup informed me about new long waited feature Read Receipts (you can see whether message is sent or read). Congratulations Microsoft :)

If message is sent, you can see a checkbox next to message, like this:


And if message is seen then following picture is added:


Happy to this finally!


Monday, January 13, 2020

All 0x80000000 error codes (Updated 19.01.2020)

In this article I will be summarizing all the 0x80000000 error codes I have dealt with.

SCCM
    
    0x80090304 - https://www.justforadmins.com/2019/11/sccm-client-does-not-appear-in-console.html

   0x8007274d - https://www.justforadmins.com/2019/10/sccm-task-sequence-error-8007274d-no.html
 
   0x8000ffff - https://www.justforadmins.com/2019/02/solved-regtask-failed-to-refresh-site.html

   0x8024401c - https://www.justforadmins.com/2019/02/solved-onsearchcomplete-failed-to-end.html

OneDrive

    0x8004de40 - https://www.justforadmins.com/2020/01/fixed-error-there-was-problem.html


KMS

   0xC004F042 - https://www.justforadmins.com/2020/01/activate-windows-server-2019-windows-10.html

Office 365 Pro Plus
 
   0xc0000361 - https://www.justforadmins.com/2019/01/fixed-office-365-proplus-apps-do-not.html

OneDrive Known Folder Move in non-English environment

If you are reading this, then you probably know what OneDrive Known Folder Move (KFM) feature does. It is like the old Folder Redirection, but the target is not file server, but OneDrive.

Here is an explanation of how OneDrive chooses names for Desktop, Documents and Pictures folders. And it chooses names for these folders based on the system locale configured on the system where OneDrive KFMis enabled.
So for example, if you enable KFM on system with Swedish locale, you will get Bilder, Dokument and Skrivbordet folders as mentioned here.

This creates a potential issue in scenarios where system local is different on computer where KFM is activated and for example on RD Session Host servers, if locale differs there. Then there will be in total six folders - two for documents, two for pictures and two for desktop.

One workaround for this is to configure PreferredLanguage attribute for AD user, sync it Azure AD and then user will have provisioned KFM folders always in prefereed language.

Saturday, January 11, 2020

SOLVED: SCVMM 2016 console crashes with error .NET Runtime error (Event ID: 1026)

Recently I did an upgrade from SCVMM 2012 R2 to SCVMM 2016. The upgrade was not complex, but after the upgrade the SCVMM console crashed when clicking properties on some VMs.
In event log there was error with Event ID 1026, which stated that "The process was terminated due to an unhandled exception", the event source was .NET Runtime, and Framework version was  v4.0.30319.

I checked the .NET version and it was 4.6, which is suported with SCVMM 2016.

The issue was only with console on SCVMM server not on remote consoles.

It turned out that I had installed there are two binaries of SCVMM 2016 update rollup that need to be installed on SCVMM server:

After installing also the admin console update (not just the VMM management server update), the issue was gone.

Friday, January 10, 2020

FIXED: Error "There was a problem connecting to OneDrive", 0x8004de40

If you are getting error "There was a problem connecting to OneDrive", error code 0x8004de40 when setting up OneDrive for the first time, then most likely you do not have internet access or if you are inside corporate network, then your proxy or firewall is blocking the traffic.


For corporate customers follow this article to open required URLs and IP addresses.

Semi-Annual channel for System Center (DPM, SCVMM, SCOM) products has been retired

Approximately two years ago Microsoft decided to go the same path for System Center products (DPM, VMM, SCOM) as for Windows 10, that is to have two support cycles - Semi-Annual with shorter support lifecycle and long term channel with classic 10-year support lifecycle.

A while ago Microsoft decided to not continue the Semi-Annual channel for System Center products, thus proving that their focus clearly is on cloud products.

For existing System Center Semi-Annual channel versions (1801 and 1807) the recommendation is to upgrade to 2019th version as soon as possible.



Sunday, January 5, 2020

Activate Windows Server 2019 / Windows 10 v1809 LTSC on KMS server 2012 R2

Hello,

If you have working KMS server and it works on Windows Server 2012 R2, then it is possible to activate Windows Server 2019 and Windows 10 v1809 LTSC clients with it.
If you are receiving error 0xC004F042, then continue reading.

To configure KMS server follow these steps:

  1. Install latest cumulative updates on KMS server.
  2. Get the correct KMS key, it is called Windows Srv 2019 DataCtr/Std KMS, and you can find it in volume licensing portal:
  • Log on to the Volume Licensing Service Center (VLSC)
  • Click License.
  • Click Relationship Summary.
  • Click License ID of your current Active License.
  • After the page loads, click Product Keys.
  • In the list of keys, locate Windows Srv 2019 DataCtr/Std KMS
  1. Install the product key as usual 
    1. Open eleveted command prompt 
    2. Run slmgr.vbs /ipk your product key to install the key
    3. Run slmgr.vbs /ato to activate the server
  2. If your KMS server happens to be disconnected from the Internet, then you also need to install Volume Activation Services Windows Server role and activate the server over the phone, follow this article https://blogs.technet.microsoft.com/askcore/2013/03/14/installing-volume-activation-services-role-in-windows-server-2012-to-setup-a-kms-host/