CTSMUG – May 5th @ Ebay – Steve Rachui, 1E Tachyon, and MMS speakers

Registration Link

https://www.eventbrite.com/e/ctsmug-may-5th-ebay-steve-rachui-1e-tachyon-and-mms-speakers-tickets-33666870516

Venue – eBay

  • Always looking for speakers!

Schedule

  • 10:00 – 11:00 Shaun Cassells – MMS presentation – Windows Insider for Business
  • 11:00 – 12:00 Steve Rachui – Boundary changes in 1610
  • 12:00 – 1:00 Lunch and Learn with 1E Tachyon – Real-time Configuration & Security Management at Scale
  • 1:30 – 2:30 Steve Rachui – Managing Duplication Hardware ID’s/Windows Information Protection
  • 2:30 – 3:30 Donnie Taylor – MMS presentation – OMS, PowerBi, and Flow – The New Breed
  • 3:30 – 4:00 Elias Leal – Recovering Disk Space on Distribution Points – Content Library Cleanup Tool and Data Deduplication for DPs

Join our CTSMUG LinkedIn Group. Call for speakers, discussions, and updates.

Sponsor

1E

As experts in systems management, and with over 20 years of experience in making SCCM work better, we have launched a new product, Tachyon, the fastest platform to query and control all your endpoints. It transforms urgent ad-hoc issue identification and resolution time from hours to minutes.

You achieve this by holding a conversation – live with every endpoint – as if you were at every device. This gives you the confidence and agility to move at the pace of any IT incident, security threat or compliance risk.

In the 1E Tachyon session we show how to:

  • Slash troubleshooting and resolution times – Find and fix application, configuration and operating system faults across all of your endpoints
  • Faster security investigation and response – Find and remediate the machines on your network that have been cyber-attacked by organized crime
  • Immediately action urgent business requests – Rapidly respond to regulatory compliance, security and software asset management (SAM) audits

Windows 10: Creators Update is very interesting for Enterprise IT

The Creators Update ( CB ) is very interesting to the enterprise.  Ironically it is called the Creators Update and you will be hard pressed to find articles (they will come out eventually) about the new creation aspects.  For the Enterprise IT there are several items that immediately catch your attention and make you want to update in 4 or so months.  4 months after CB (April 11th) is when Current Branch for Business ( CBB ) is predicted to release.  A few enterprise IT items that catch my attention instantly are:

Windows Insider Program for Business – Windows Insider Program

insider.windows.com

Windows 10 is now available on PC and Phone. Thanks to the help and hard work of the Insiders who are already participating in the Windows Insider Program, it’s the best Windows ever. Now, you can continue to help us make it even better.

  • Improved control of Windows Update – scheduling, Restart times, delay of cumulative updates.  If your business application is impacted you can buy yourself 30 days to fix your vulnerability.
  • Improved control panel and further death of MMC and CPL.  I am sure it a learning curve will occur with the typical end user followed by realization that using the control panel is easy.
  • Unified Security dashboard
    • Improved Virus & threat protection
    • Device performance & Health
    • Firewall & network protection
    • App & browser control
    • Family options
  • PowerShell, PowerShell, PowerShell – repalced the CMD in the WinKey+X menu.  If you can achieve the action via PowerShell that means Automation is easy!
  • Gaming Mode – nice!  Improved team collaboration and hand eye coordination training while working… or something like that

Personal Favorites

  • Night light – Blue Light for reduced eye strain
  • Death of snipping tool.  WinKey+Shift+S is now available with or without O365.  OneNote FTW!

 

The items above are the tip of the iceberg for Enterprise IT.  What really makes life interesting is the improved stability, control via WU, MDM, SCCM, GPO, Antivurs, etc., as well as massively improved user experience like the ability to create folders in the start menu tiles.  Simple things that makes your end users happier.

For a detailed list of features check out the MS Blog

https://blogs.technet.microsoft.com/windowsitpro/2017/04/05/whats-new-for-it-pros-in-the-windows-10-creators-update/

What’s new for IT pros in the Windows 10 Creators Update

blogs.technet.microsoft.com

Windows 10, version 1703—also known as the Windows 10 Creators Update—is designed for today’s modern IT environment with new features to help IT pros more easily manage, and better protect, the devices and data in their organizations. It also provides individuals with the ability to be more productive, thanks to enhancements to Windows Ink and…

Window 10 1703 – Get it early or on your schedule

 

The offical windows update roll-out start date of the Creators update is April 11th 2017.  The roll-out will be phased based on best hardware with the most ensured success first.  Then larger and larger groups.  If you just can’t wait there is an option to go right now.

WARNING!

  1. The upgrade will require you to confirm certain security options a good 20 minutes in.  RDP service is not yet available.
  2. I use https://www.teamviewer.com/en/ to connect and click next, next, finish
  3. The questions can be answered via voice!  Cool… but you can only click the voice button if you can connect to the machine

Manual Start 1703 update

  • Open Windows Update  Start >> Gear icon (Settings) >> Update & Security

1703 - one

1703 - two

  • Checking

1703 - three

  • Update is about 4gb

1703 - four

  • Interesting there is a cancel during download but not during updating

1703 - five

  • 30 minute count down to reboot

After several reboots you will be prompted for approving new security settings.  See my warning above if you normally RDP into the machine.

Once you finish your upgrade don’t forget to check for new Windows Updates and updates in the Store

Windows Insider for Business is alive!

The Windows Insider for IT Pro has been renamed to Windows Insider for Business.  

You can sign up here: https://insider.windows.com/ForBusiness

The original announcement on Feb 15 2017 was teased here https://blogs.windows.com/windowsexperience/2017/02/15/making-windows-insider-program-better-pro-business-customers/#Vcx6fbmlyua62Wky.97

Now businesses can test their internal applications on the builds and patches before they are released.  This is awesome to help increase the testing windows.  Instead of waiting for patch tuesday test long before hand.  Not only can you test and control who can test via GPOs you can see those results in the Windows Feedback Hub (WFH).

I will be posting a series of blogs about experience and usage!

Tons of details here: https://technet.microsoft.com/en-us/itpro/windows/update/waas-windows-insider-for-business 

Progress!

W10: The Enterprise Quickening has begun. Modern Silicon Lifecycle requires W10. No patches for W7 nor W8.1 on new hardware

Summary: New hardware is only supported and patched on W10.  No downgrades. No patches.  No Drivers.

 

Jan 15 of 2016 Microsoft announced that all future chipsets would not support anything but W10.  The chipset manufacturers included Intel (Skylake), AMD (Bristol Ridge), ARM (8996), Nvidia, Qualcom, etc.

https://blogs.windows.com/windowsexperience/2016/01/15/windows-10-embracing-silicon-innovation/#X1ZvMYZdMXYgWMkx.97

As of March 9th 2017 this policy now has teeth.

“Your PC uses a processor that isn’t supported on this version of Windows” error when you scan or download Windows updates

https://support.microsoft.com/en-us/help/4012982/discusses-an-issue-in-which-you-receive-a-your-pc-uses-a-processor-tha

Symptoms

When you try to scan or download updates through Windows Update, you receive the following error message:

Unsupported Hardware
Your PC uses a processor that isn’t supported on this version of Windows  and you won’t receive updates.

Additionally, you may see an error message on the Windows Update window that resembles the following:

Windows could not search for new updates
An error occurred while checking for new updates for your computer.
Error(s) found:
Code 80240037 Windows Update encountered an unknown error.

Cause

This error occurs because new processor generations require the latest Windows version for support. For example, Windows 10 is the only Windows version that is supported on the following processor generations:

  • Intel seventh (7th)-generation processors
  • AMD “Bristol Ridge”
  • Qualcomm “8996″

Because of how this support policy is implemented, Windows 8.1 and Windows 7 devices that have a seventh generation or a later generation processor may no longer be able to scan or download updates through Windows Update or Microsoft Update.

Resolution

We recommend that you upgrade Windows 8.1-based and Window 7-based computers to Windows 10 if those computers have a processor that is from any of the following generations:

  • Intel seventh (7th)-generation “Intel Core” processor or a later generation
  • AMD seventh (7th)-generation (“Bristol Ridge”) processor or a later generation
  • Qualcomm “8996″ processor or a later generation

More Information

For information about how to determine which generation of Intel processor you have installed, go to the following Intel website:

About Intel processor numbers

For information about how to upgrade your computer’s operating system to Windows 10, see Download Windows 10.

 

Client Health: Repair the WMI Path and ensure WMI is added

Once upon a time I wrote a Client Health repair script for Windows XP SMS and SCCM 2007 environments.  By far and away the biggest issue was WMI corruption.  The point of this script was to fix as much as humanly possible WITHOUT using WMI.  No minor feat and you can see one section below here.   A major issue that was EASILY remedied was ensuring WMI was in the system path.  This was recently pointed out to me that people were charging for simple logic.  So here is a nice way to do it for free with a few more frills thrown in for free.

Solution: Fix the WMI in the System Path

The fix below will parse you entire system path and remove any %variable%, remove duplicates, and ensure certain items are in the System path like WMI.  I always wanted to add in a check to look for UNC (\\) paths as those always make a system go slower.

The following script will NOT work.  Please see the full CLIFIX script

CLIFIX_Public_V4_18

Dim windir: windir = WSHShell.ExpandEnvironmentStrings("%WINDIR%")



' =============================================================================
' Method: CHK_SYSTEMPATH
' Description: checks that wbem is near the front of the sys path and cleans
' any duplicate statements from the path environment
' =============================================================================

Sub CHK_SYSTEMPATH()

 WindirPath = LCase(windir)
 System32path = LCase(windir & "\system32")
 WBEMpath = LCase(windir & "\system32\wbem")

 WindirPathFound = False
 System32pathFound = False
 WBEMpathFound = False
 SystemRoot = False

 strKeyNamePath = "SYSTEM\CurrentControlSet\Control\Session Manager\Environment"
 strValueName = "Path"

'// GET PATH STATEMENT
 strValue = wshshell.regRead("HKLM\" & strKeyNamePath & "\" & strValueName)
 strValue = LCase(strValue)
 
 ARRpath = Split(LCase(strValue), ";")

 For i = 0 To UBound(ARRpath)
  'Repalce SystemRoot with actual value
  If InStr(ARRpath(i), LCase("%systemroot%")) <> 0 Then strValue = Replace(strValue, LCase("%systemroot%"), LCase(windir)) : SystemRoot = True : COLLECTMSG "CHK_SYSTEMPATH","Warning Replaced %systemroot%",SystemRoot
  If ARRpath(i) = WindirPath Then WindirPathFound = True
  If ARRpath(i) = System32path Then System32pathFound = True
  If ARRpath(i) = WBEMpath Then WBEMpathFound = True
 Next

If (WBEMpathFound = True) And (System32pathFound = True) And (WindirPathFound = True) And (SystemRoot = False) Then COLLECTMSG "CHK_SYSTEMPATH","All Paths Found",WBEMpathFound: Exit Sub

 COLLECTMSG "CHK_SYSTEMPATH","PATH",strValue
 '// Log the results
 logit=False
 If WBEMpathFound = False Then strValue = WBEMpath & ";" & strValue : COLLECTMSG "CHK_SYSTEMPATH","Error WBEMpathFound", WBEMpathFound:logit=True : CLIENTSTATE = CLIENTSTATE + 1
 If WindirPathFound = False Then strValue = WindirPath & ";" & strValue : COLLECTMSG "CHK_SYSTEMPATH","Error WindirPathFound", WindirPathFound :logit=True : CLIENTSTATE = CLIENTSTATE + 1
 If System32pathFound = False Then strValue = System32path & ";" & strValue : COLLECTMSG "CHK_SYSTEMPATH","Error System32pathFound",System32pathFound:logit=True : CLIENTSTATE = CLIENTSTATE + 1
 
 If logit = True Then StrERRType = StrERRType & "SYSTEMPATH_"

 '//Take out duplicates
 'Dictionary Object is Much faster
 ARRpath = Split(LCase(strValue), ";")
 Set PureString = CreateObject("Scripting.Dictionary")
 For i = 0 To UBound(ARRpath)
  If Not PureString.Exists(ARRpath(i)) Then PureString.Add ARRpath(i), ARRpath(i) : Debug(ARRpath(i))
 Next
 strValues = ""
 For Each strKeyName in PureString.Keys
  strValues = strValues & strKeyName & ";"
 Next
 Set PureString = Nothing
 'Remove duplicate semicolons
 If InStr(strValues, ";;") <> 0 Then strValues = Replace(Replace(strValues, ";;", ";"), ";;", ";")
 'Remove trailing semicolons
 ln = Len(strValues)
 If InStr(ln, strValues, ";") <> 0 Then strValues = Left(strValues, ln - 1)
 '// Set PATH STATEMENT
 'Set to current runtime path
 Set oEnv = WshShell.Environment("System")
 oEnv("Path")=strValues
 Set oEnv = Nothing
 'Set to Registry for next restart
 wshshell.regwrite "HKLM\" & strKeyNamePath & "\" & strValueName,strValues,"REG_SZ" 
 RegCounter "CHK_SYSTEMPATH",1
 COLLECTMSG "CHK_SYSTEMPATH","PATH_CLEAN", strValues
End Sub

WI 15048: SCCM Control Panel Applet missing – Command line to run it

With the improvements to the control panel the Configuration Manager Control Panel Applet (CPL) has disappeared.  To add insult to injury the default location of the SCCM client is not indexed nor in the system path.

Open the Configuration Manager CPL

c:\windows\ccm\SMSCFGRC.cpl

SMS back from the dead 🙂  I always wondered if the files were not renamed due to all the white and black listing applications that would have to be updated… or if it is just because that is how they were checked into the coding suite.

 

Best