Windows 10 Fall Creators Update (1709) Deprecated Features – PowerShell 2.0 is EOL among others

Fall Created Update (2017 RS3 1709) will be removing some more security holes.  I wonder if some of these are in response to the SMB1 fiasco (WannaCry for example).

  • TLS RC4 ciphers.
  • The SCCM Windows Hello deployed feature which has been replaced with the Registration Authority of Active Directory Federation Services
  • SysKey.exe gone in favor of Bitlocker
  • Enhanced Mitigation Experience Toolkit (EMET) is being removed for Windows Defined Exploit Guard (WDEG) feature
  • PowerShell 2.0 is very security holey – Twitter Tears Shed – Jeffery Snover
    • For example you can invoke PoSH 2.0 if it is installed.  Since it lacks logging you will have no idea what happened.  Most companies I work with just remove it from 1703.

Posted July 20th 2017 a list of features that are being depreciated or Removed from 1709.

Deprecated

Windows PowerShell 2.0

Applications and components should be migrated to PowerShell 5.0+.

Microsoft Paint

Will be available through the Windows Store. Functionality integrated into Paint 3D.

RSA/AES Encryption for IIS

We recommend that users use CNG encryption provider.

System Image Backup (SIB) Solution

We recommend that users use full-disk backup solutions from other vendors.

TLS RC4 Ciphers

To be disabled by default. For more information, see the following Windows IT Center topic:

TLS (Schannel SSP) changes in Windows 10 and Windows Server 2016

Removed

Enhanced Mitigation Experience Toolkit (EMET)

Use will be blocked. Consider using the Exploit Protection feature of Windows Defender Exploit Guard as a replacement.

Syskey.exe

Removing this nonsecure security feature. We recommend that users use BitLocker instead. For more information, see the following Knowledge Base article:

4025993 Syskey.exe utility is no longer supported in Windows 10 RS3 and Windows Server 2016 RS3

TCP Offload Engine

Removing this legacy code. This functionality was previously transitioned to the Stack TCP Engine. For more information, see the following PFE Platform Blog article:

Why Are We Deprecating Network Performance Features (KB4014193)?

 

 

Full List Source: https://support.microsoft.com/en-us/help/4034825/features-that-are-removed-or-deprecated-in-windows-10-fall-creators-up

Advertisements

Ding Dong Flash is Dead… on mobiles in 2020

Flash is dead…on mobile devices… in 2020 (same as Windows 7)

http://www.reuters.com/article/us-adobe-systems-flash-idUSKBN1AA22R

 

Oh Happy Day

https://www.youtube.com/watch?v=6zT8AyfsFmA

 

Unfortunately it will still be supported on desktop browsers.  However, I would not consider it far fetched to envision a world where more people user Mobile browsers than desktop ones.   I for one will never mind the constant security headache and popup ads killing my devices.

 

Free eBooks from Microsoft

https://blogs.msdn.microsoft.com/mssmallbiz/2017/07/11/largest-free-microsoft-ebook-giveaway-im-giving-away-millions-of-free-microsoft-ebooks-again-including-windows-10-office-365-office-2016-power-bi-azure-windows-8-1-office-2013-sharepo/?ranMID=24542&ranEAID=lw9MynSeamY&ranSiteID=lw9MynSeamY-wEHi3i0.hlt_HnAwmoDS7w&tduid=(00fbd30d71024abaab2b5cb6c5e7c446)(256380)(2459594)(lw9MynSeamY-wEHi3i0.hlt_HnAwmoDS7w)()

 

Free eBooks.. get em while they are … free!

Including:

  • Windows 10
  • Office 365
  • Office 2016
  • Power BI
  • Azure
  • Windows 8.1
  • Office 2013
  • SharePoint 2016
  • SharePoint 2013
  • Dynamics CRM
  • PowerShell
  • Exchange Server
  • System Center
  • Cloud
  • SQL Server and more!

CTSMUG – May 5th @ Ebay – Steve Rachui, 1E Tachyon, and MMS speakers

Registration Link

https://www.eventbrite.com/e/ctsmug-may-5th-ebay-steve-rachui-1e-tachyon-and-mms-speakers-tickets-33666870516

Venue – eBay

  • Always looking for speakers!

Schedule

  • 10:00 – 11:00 Shaun Cassells – MMS presentation – Windows Insider for Business
  • 11:00 – 12:00 Steve Rachui – Boundary changes in 1610
  • 12:00 – 1:00 Lunch and Learn with 1E Tachyon – Real-time Configuration & Security Management at Scale
  • 1:30 – 2:30 Steve Rachui – Managing Duplication Hardware ID’s/Windows Information Protection
  • 2:30 – 3:30 Donnie Taylor – MMS presentation – OMS, PowerBi, and Flow – The New Breed
  • 3:30 – 4:00 Elias Leal – Recovering Disk Space on Distribution Points – Content Library Cleanup Tool and Data Deduplication for DPs

Join our CTSMUG LinkedIn Group. Call for speakers, discussions, and updates.

Sponsor

1E

As experts in systems management, and with over 20 years of experience in making SCCM work better, we have launched a new product, Tachyon, the fastest platform to query and control all your endpoints. It transforms urgent ad-hoc issue identification and resolution time from hours to minutes.

You achieve this by holding a conversation – live with every endpoint – as if you were at every device. This gives you the confidence and agility to move at the pace of any IT incident, security threat or compliance risk.

In the 1E Tachyon session we show how to:

  • Slash troubleshooting and resolution times – Find and fix application, configuration and operating system faults across all of your endpoints
  • Faster security investigation and response – Find and remediate the machines on your network that have been cyber-attacked by organized crime
  • Immediately action urgent business requests – Rapidly respond to regulatory compliance, security and software asset management (SAM) audits

Windows 10: Creators Update is very interesting for Enterprise IT

The Creators Update ( CB ) is very interesting to the enterprise.  Ironically it is called the Creators Update and you will be hard pressed to find articles (they will come out eventually) about the new creation aspects.  For the Enterprise IT there are several items that immediately catch your attention and make you want to update in 4 or so months.  4 months after CB (April 11th) is when Current Branch for Business ( CBB ) is predicted to release.  A few enterprise IT items that catch my attention instantly are:

Windows Insider Program for Business – Windows Insider Program

insider.windows.com

Windows 10 is now available on PC and Phone. Thanks to the help and hard work of the Insiders who are already participating in the Windows Insider Program, it’s the best Windows ever. Now, you can continue to help us make it even better.

  • Improved control of Windows Update – scheduling, Restart times, delay of cumulative updates.  If your business application is impacted you can buy yourself 30 days to fix your vulnerability.
  • Improved control panel and further death of MMC and CPL.  I am sure it a learning curve will occur with the typical end user followed by realization that using the control panel is easy.
  • Unified Security dashboard
    • Improved Virus & threat protection
    • Device performance & Health
    • Firewall & network protection
    • App & browser control
    • Family options
  • PowerShell, PowerShell, PowerShell – repalced the CMD in the WinKey+X menu.  If you can achieve the action via PowerShell that means Automation is easy!
  • Gaming Mode – nice!  Improved team collaboration and hand eye coordination training while working… or something like that

Personal Favorites

  • Night light – Blue Light for reduced eye strain
  • Death of snipping tool.  WinKey+Shift+S is now available with or without O365.  OneNote FTW!

 

The items above are the tip of the iceberg for Enterprise IT.  What really makes life interesting is the improved stability, control via WU, MDM, SCCM, GPO, Antivurs, etc., as well as massively improved user experience like the ability to create folders in the start menu tiles.  Simple things that makes your end users happier.

For a detailed list of features check out the MS Blog

https://blogs.technet.microsoft.com/windowsitpro/2017/04/05/whats-new-for-it-pros-in-the-windows-10-creators-update/

What’s new for IT pros in the Windows 10 Creators Update

blogs.technet.microsoft.com

Windows 10, version 1703—also known as the Windows 10 Creators Update—is designed for today’s modern IT environment with new features to help IT pros more easily manage, and better protect, the devices and data in their organizations. It also provides individuals with the ability to be more productive, thanks to enhancements to Windows Ink and…

Window 10 1703 – Get it early or on your schedule

 

The offical windows update roll-out start date of the Creators update is April 11th 2017.  The roll-out will be phased based on best hardware with the most ensured success first.  Then larger and larger groups.  If you just can’t wait there is an option to go right now.

WARNING!

  1. The upgrade will require you to confirm certain security options a good 20 minutes in.  RDP service is not yet available.
  2. I use https://www.teamviewer.com/en/ to connect and click next, next, finish
  3. The questions can be answered via voice!  Cool… but you can only click the voice button if you can connect to the machine

Manual Start 1703 update

  • Open Windows Update  Start >> Gear icon (Settings) >> Update & Security

1703 - one

1703 - two

  • Checking

1703 - three

  • Update is about 4gb

1703 - four

  • Interesting there is a cancel during download but not during updating

1703 - five

  • 30 minute count down to reboot

After several reboots you will be prompted for approving new security settings.  See my warning above if you normally RDP into the machine.

Once you finish your upgrade don’t forget to check for new Windows Updates and updates in the Store

Windows Insider for Business is alive!

The Windows Insider for IT Pro has been renamed to Windows Insider for Business.  

You can sign up here: https://insider.windows.com/ForBusiness

The original announcement on Feb 15 2017 was teased here https://blogs.windows.com/windowsexperience/2017/02/15/making-windows-insider-program-better-pro-business-customers/#Vcx6fbmlyua62Wky.97

Now businesses can test their internal applications on the builds and patches before they are released.  This is awesome to help increase the testing windows.  Instead of waiting for patch tuesday test long before hand.  Not only can you test and control who can test via GPOs you can see those results in the Windows Feedback Hub (WFH).

I will be posting a series of blogs about experience and usage!

Tons of details here: https://technet.microsoft.com/en-us/itpro/windows/update/waas-windows-insider-for-business 

Progress!