Thursday, June 28, 2018

SCCM Deployment Logging Variables

Sometimes its helpful to have SMSTS.LOG for debugging issues in SCCM OSD Deployments. But this log is very long and even with cmtrace logviewer anoying to read. 

You are looking probably for some very specific informations stored in variables.

Here is a comprehensive list of variables:

The following list describes the built-in variables that are available in Configuration Manager:
Built-in Variable NameDescription
_OSDDetectedWinDirThe task sequence scans the computer's hard drives for a previous operating system installation when Windows PE starts. The Windows folder location is stored in this variable. You can configure your task sequence to retrieve this value from the environment and use it to specify the same Windows folder location to use for the new operating system installation.
_OSDDetectedWinDriveThe task sequence scans the computer's hard drives for a previous operating system installation when Windows PE starts. The hard drive location for where the operating system is installed is stored in this variable. You can configure your task sequence to retrieve this value from the environment and use it to specify the same hard drive location to use for the new operating system.
_SMSTSAdvertIDStores the current running task sequence deployment unique ID. It uses the same format as a Configuration Manager software distribution deployment ID. If the task sequence is running from stand-alone media, this variable is undefined.


_TSAppInstallStatusThe task sequence sets the _TSAppInstallStatus variable with the installation status for the application during the Install Application step. The task sequence sets the variable with one of the following values:

1. Undefined: The Install Application step has not run.
2. Error: At least one application failed because of an error during the Install Application step.
3. Warning: No errors occur during the Install Application step. One or more applications, or a required dependency, did not install because a requirement was not met.
4. Success: There are no errors or warnings detected during the Install Application step.
_SMSTSBootImageIDIf the current running task sequence references a boot image package, this variable stores the boot image package ID. If the task sequence does not reference a boot image package, this variable is not set.


_SMSTSBootUEFIThe task sequence sets the SMSTSBootUEFI variable when it detects a computer that is in UEFI mode.
_SMSTSClientGUIDStores the value of Configuration Manager client GUID. This variable is not set if the task sequence is running from stand-alone media.


_SMSTSCurrentActionNameSpecifies the name of the currently running task sequence step. This variable is set before the task sequence manager runs each individual step.


run command line
_SMSTSDownloadOnDemandIf the current task sequence is running in download-on-demand mode, this variable is true. Download-on-demand mode means the task sequence manager downloads content locally only when it must access the content.
_SMSTSInWinPEWhen the current task sequence step is running in Windows PE, this variable is true. Test this task sequence variable to determine the current operating system environment.
_SMSTSLastActionRetCodeStores the return code that was returned by the last action that was run. This variable can be used as a condition to determine if the next step is run.


_SMSTSLastActionSucceededIf the last step succeeded, this variable is true. If the last step failed, it is false. If the task sequence skipped the last action, because the step is disabled or the associated condition evaluated to false, this variable is not reset. It still holds the value for the previous action.
_SMSTSLaunchModeSpecifies one of the following task sequence launch methods:

- SMS: the task sequence started from the Configuration Manager client
- UFD: the task sequence started from legacy USB media
- UFD+FORMAT: the task sequence started from newer USB media
- CD: the task sequence started from a CD
- DVD: the task sequence started from a DVD
- PXE: the task sequence started from PXE
- HD: the task sequence started from prestaged media on a hard disk
_SMSTSLogPathStores the full path of the log directory. Use this value to determine where actions are logged. This value is not set when a hard drive is not available.
_SMSTSMachineNameStores and specifies the computer name. Stores the name of the computer that the task sequence uses to log all status messages. To change the computer name in the new operating system, use the OSDComputerName variable.


_SMSTSMDataPathSpecifies the path defined by the SMSTSLocalDataDrive variable. When you define SMSTSLocalDataDrive before the task sequence starts, such as by setting a collection variable, Configuration Manager then defines the _SMSTSMDataPath variable once the Task Sequence starts.
_SMSTSMediaTypeSpecifies the type of media that is used to initiate the installation. Examples of types of media are Boot Media, Full Media, PXE, and Prestaged Media.
_SMSTSMPStores the URL or IP address of a Configuration Manager management point.
_SMSTSMPPortStores the management point port number of a Configuration Manager management point.


_SMSTSOrgNameStores the branding title name that the task sequence displays in the progress dialog.


XYZ Organization
_SMSTSOSUpgradeActionReturnCodeStores the exit code value that Windows Setup returns to indicate success or failure. This variable is set during the Upgrade Operating System task sequence step. This variable is useful with the /Compat command-line option.


On the completion of /Compat, take action in later steps depending on the failure or success exit code. On success, initiate the upgrade. Or, set a marker in the environment (for example, add a file or set a registry key) to collect with hardware inventory. Use this marker to create a collection of computers that are ready to upgrade, or that require action before upgrade.
_SMSTSPackageIDStores the current running task sequence ID. This ID uses the same format as a Configuration Manager software package ID.


_SMSTSPackageNameStores the current running task sequence name specified by the Configuration Manager administrator when the task sequence is created.


Deploy Windows 10 task sequence
_SMSTSSetupRollbackSpecifies whether the operating system Setup performed a rollback operation. The variable values can be true or false.
_SMSTSRunFromDPSet to true if the current task sequence is running in run-from-distribution-point mode, which means the task sequence manager obtains required package shares from distribution point.
_SMSTSSiteCodeStores the site code of the Configuration Manager site.


_SMSTSTypeSpecifies the type of the current running task sequence. It can have the following values:

1 - indicates a generic task sequence.

2 - indicates an operating system deployment task sequence.
_SMSTSTimezoneThe _SMSTSTimezone variable stores the time zone information in the following format (without spaces):

Bias, StandardBias, DaylightBias, StandardDate.wYear, wMonth, wDayOfWeek, wDay, wHour, wMinute, wSecond, wMilliseconds, DaylightDate.wYear, wMonth, wDayOfWeek, wDay, wHour, wMinute, wSecond, wMilliseconds, StandardName, DaylightName


For the Eastern Time U.S. and Canada, the value would be 300,0,-60,0,11,0,1,2,0,0,0,0,3,0,2,2,0,0,0,Eastern Standard Time,Eastern Daylight Time
_SMSTSUseCRLWhen the task sequence uses HTTPS to communicate with the management point, specifies whether it uses the certificate revocation list (CRL).
_SMSTSUserStartedSpecifies whether a task sequence is started by a user. This variable is set only if the task sequence is started from the Software Center. For example, if _SMSTSLaunchMode is set to SMS. The variable can have the following values:

- true - specifies that the task sequence is manually started by a user from the Software Center.
- false - specifies that the task sequence is initiated automatically by the Configuration Manager scheduler.
_SMSTSUseSSLSpecifies whether the task sequence uses SSL to communicate with the Configuration Manager management point. If your site is running in native mode, the value is set to true.
_SMSTSWTGSpecifies if the computer is running as a Windows To Go device.
OSDPreserveDriveLetterThis task sequence variable is deprecated. During an operating system deployment, by default, Windows Setup determines the best drive letter to use (typically C:).

Previous behavior: when applying an image, the OSDPreverveDriveLetter variable determines whether or not the task sequence uses the drive letter captured in the image file (.WIM). Set the value for this variable to False to use the location that you specify for the Destination setting in the Apply Operating System task sequence step. For more information, see Apply Operating System Image.
SMSTSAssignmentsDownloadIntervalThe number of seconds to wait before the client attempts to download the policy since the last attempt that returned no policies. By default, the client waits 0 seconds before retrying.

You can set this variable by using a prestart command from media or PXE.
SMSTSAssignmentsDownloadRetryThe number of times a client will attempt to download the policy after no policies are found on the first attempt. By default, the client retries 0 times.

You can set this variable by using a prestart command from media or PXE.
SMSTSAssignUsersModeSpecifies how a task sequence associates users with the destination computer. Set the variable to one of the following values:

- Auto: The task sequence creates a relationship between the specified users and destination computer when it deploys the operating system to the destination computer.
- Pending: The task sequence creates a relationship between the specified users and the destination computer. An administrator must approve the relationship to set it.
- Disabled: The task sequence does not associate users with the destination computer when it deploys the operating system.
SMSTSDownloadAbortCodeThis variable contains the abort code value for the external program downloader (specified in the SMSTSDownloadProgram variable). If the program returns an error code equal to the value of the SMSTSDownloadAbortCode variable, then the content download fails and no other download method is attempted.
SMSTSDownloadProgramUse this variable to specify an Alternate Content Provider, a downloader program that is used to download content instead of the default Configuration Manager downloader, for the task sequence. As part of the content download process, the task sequence checks the variable for a specified downloader program. If specified, the task sequence runs the program to perform the download.
SMSTSDownloadRetryCountThe number of times that Configuration Manager attempts to download content from a distribution point. By default, the client retries 2 times.
SMSTSDownloadRetryDelayThe number of seconds that Configuration Manager waits before it retries to download content from a distribution point. By default, the client waits 15 seconds before retrying.
SMSTSDriverReceiveTimeOutThe number of seconds before the connection to the server times out.
SMSTSErrorDialogTimeoutWhen an error occurs in a task sequence, it displays a dialog box with the error. The task sequence automatically dismisses it after the number of seconds specified by this variable. By default, this value is 900 seconds (15 minutes).
TSDisableProgressUI Beginning in Configuration Manager version 1706, use this variable to control when the task sequence displays progress to end users. To hide or display progress at different times, set this variable multiple times in a task sequence. To hide task sequence progress, set the value of this variable to True. To display task sequence progress, set the value of this variable to False.
SMSTSDisableStatusRetry In disconnected scenarios, the task sequence engine repeatedly tries to send status messages to the management point. This behavior in this scenario causes delays in task sequence processing. Beginning in Configuration Manager version 1802, set this variable to True and the task sequence engine doesn't attempt to send status messages after the first message fails to send. This first attempt includes multiple retries.

When the task sequence restarts, the value of this variable persists. However, the task sequence tries sending an initial status message. This first attempt includes multiple retries. If successful, the task sequence continues sending status regardless of the value of this variable. If status fails to send, the task sequence uses the value of this variable.

NOTE: task sequence status reporting relies upon these status messages to display the progress, history, and details of each step.
SMSTSLanguageFolderUse this variable to change the display language of a language neutral boot image.
SMSTSLocalDataDriveSpecifies where temporary files are stored on the destination computer while the task sequence is running.

This variable must be set before the task sequence starts, such as by setting a collection variable. Once the task sequence starts, Configuration Manager defines the _SMSTSMDataPath variable once the Task Sequence starts.
SMSTSMPUse this variable to specify the URL or IP address of the Configuration Manager management point.
SMSTSPeerDownloadUse this variable to enable the client to use Windows PE Peer Cache.


SMSTSPeerDownload = TRUE enables this functionality.
SMSTSPeerRequestPortA custom network port that Windows PE peer cache uses for the initial broadcast. The default port configured in client settings is 8004.
SMSTSPersistContentUse this variable to temporarily persist content in the task sequence cache.
SMSTSPostActionSpecifies a command that is run after the task sequence completes. For example, you can use this variable to specify a script that enables write filters on embedded devices after the task sequence deploys an operating system to the device.
SMSTSPreferredAdvertIDForces the task sequence to run a specific targeted deployment on the destination computer. Set this variable through a prestart command from media or PXE. If this variable is set, the task sequence overrides any required deployments.
SMSTSPreserveContentThis variable flags the content in the task sequence to be retained in the Configuration Manager client cache after the deployment. This variable is different from SMSTSPersistContent, which only preserves the content for the duration of the task sequence. SMSTSPersistContent uses the task sequence cache, SMSTSPreserveContent uses the Configuration Manager client cache.


SMSTSPreserveContent = TRUE enables this functionality.
SMSTSRebootDelaySpecifies how many seconds to wait before the computer restarts. If this variable is zero (0), the task sequence manager does not display a notification dialog before reboot.


0: do not display a notification

60: display a notification for one minute
SMSTSRebootMessageSpecifies the message to display in the restart notification dialog. If this variable is not set, a default message appears.


The task sequence is restarting this computer.
SMSTSRebootRequestedIndicates that a restart is requested after the current task sequence step is completed. If a restart is required, just set this variable to true, and the task sequence manager will restart the computer after this task sequence step. If the task sequence step requires a restart to complete the action, set this variable. After the computer restarts, the task sequence continues to run from the next task sequence step.
SMSTSRetryRequestedRequests a retry after the current task sequence step is completed. If this task sequence variable is set, the SMSTSRebootRequested must also be set to true. After the computer is restarted, the task sequence manager will rerun the same task sequence step.
SMSTSUDAUsersSpecifies the primary users of the destination computer by using the following format:


domain\user1, domain\user2, domain\user3

Separate multiple users by using a comma (,). For more information, see Associate users with a destination computer.

Thanks to MS @

Wednesday, May 2, 2018

Windows 10 - 1803 whats new

Windows 10 - Version 1803
Build 17134.1

Comprehensive list of new features, changes and updates:


  • Start now uses the Fluent Design Reveal effect in the apps list, on tiles and on the rail
  • Right-clicking on an UWP app will now show a quick link to Advanced Options for that app as "Settings"
  • Explorer, Music, Files and Pictures are now added to the Rail by default
  • The number of groups in the All apps list has been reduced by 29 and 36 for Chinese (Simplified) and Japanese respectively
  • On Pro for Workstation and Enterprise, the default apps have been changed to be more productivity-focused

Cortana + search

  • If Cortana recognizes a book, shopping item, restaurant, recipe movie, TV show or other things, she will now prompt you to put it in a list
  • Cortana is no longer capable of providing proactive content
  • Cortana can now recognize your location to show location based notifications
  • Cortana will now suggest Activities to resume to
  • Your profile picture and controls to lock your account, log off or switch to another user are now visible within Cortana
  • The List and Collections features have been merged into the Collections app
  • Cortana now supports natural language compatibility for Spotify
  • Cortana Lists can no longer be accessed from the rail
  • The Cortana app profile page has been revamped
  • Skills in Cortana's notebook now come with tips

Taskbar + Action center

  • Links like "Collapse" and "Clear all" now use your accent color in the non-colored Action center
  • Swiping with 2 fingers will now dismiss all notifications
  • When using a 12-hours clock, Action center will now use "AM" and "PM" instead of "a" and "p"
  • Notification Toasts that do not support being dismissed into the Action center will now show an X instead of an arrow
  • The language icon has been updated in the Input flyout to match the icon used on the touch keyboard
  • The app view for people in MyPeople is now a list instead of a grid
  • The Near Share-quick action has been added
  • Action center now uses reveal
  • The "Clear all" option has been renamed "Clear all notifications"
  • Timeline replaces Task View in the taskbar
  • Timeline has been added to show activities of apps that support it
  • Currently open apps are now shown on top of your timeline
  • Virtual Desktops has been relocated to the top of Timeline
  • The taskbar now uses an acrylic background
  • The Clock & Calendar, Volume, My People, Input and Share flyouts now use an acrylic background
  • When a toast is dismissed while writing content in its interactive fields, the content will now be saved and will stay accessible in the Action center
  • If a warning or alert is triggered by Windows Update, a new tray icon will appear to inform you of this
  • You can now drag-and-drop people to rearrange them in My People
  • People that aren't pinned to the taskbar can now also cause a pop in My People
  • My People will now suggest apps to install that support My People
  • The Reveal effect in the clock and Calendar flyout has been updated to make the day with focus appear lighter
  • The Focus Assist Quick Action is no longer a toggle but a multi-step button
  • The context menu now contains an option to remove everything from that hour or day from your Timeline
  • Timeline will only show 4 days of activity by default
  • Switching between the Focus Assist modus between priority online, alarms only or off can now be done again from the Action center context menu
  • The People flyout now uses the accent color when "Show accent color on Start, taskbar and action center" is selected in Color Settings

User Interface

  • CalendarView now uses Reveal
  • The Reveal effect has been softened
  • The Network flyout on the lock screen has been updated from its Windows 8.1 look to allign with the Windows 10 version
  • When the touch keyboard is invoked or dismissed, it will now animate
  • Reveal now fully works in the Light
  • Animations for headers, pane opening and item selection has been added to NavigationViews
  • Border Reveal is no longer applied in ListView and TreeView
  • AppBarButtons now have a 2px margin between them

File Explorer

  • The on-screen keyboard's colors have been inverted
  • The cloud state of files and folder in the Navigation Pane will now be shown there

Microsoft Edge

Edge 42

  • Edge will be added as a shortcut on the desktop by default
  • A tab can now be muted by clicking the sound icon or from its context menu
  • "Extensions" has been renamed "Add more features" and move to the top of the ellipses menu
  • Address fields and other related fields can now be filled in automatically by Edge
  • Settings to manage form entries have been added to Advanced Settings
  • Text spacing settings have been added for Reading View
  • The active tab, address bar, favorites bar and "Find on Page"-bar are no longer acrylic
  • The title bar has been updated with a more transparent acrylic
  • The dark theme has been reworked with a darker UI
  • Buttons and lists in Edge's UI now use the reveal effect
  • Icons on the address bar will appear slightly smaller
  • Favorites in the favorite bar can now be set to not show their label individually
  • It is no longer possible to hide labels for all favorites at once
  • The favorites bar can now be hidden by right-clicking on it
  • Edge now supports Activities
  • Precision Touch Pads will now allow you to pinch-to-zoom or use two-finger panning to interact with websites in the same way a touchscreen would
  • The Hub is now wider and the sections are now displayed on the side instead of the top with their title in a collapsible view
  • Card information can now be saved and automatically filled in in the future and settings for this behavior have been added
  • A "Notes"-pop-over menu has been added to navigate between notes
  • Books can now show recommendations if the library is empty
  • You can now filter by expired rentals in the book library
  • The URL bar will now show the Books icon and title rather than the URI
  • Support for Audio Narrated Books with EPUB Media Overlays has been added
  • The Favorites Bar will now be enabled automatically if there is at least 1 favorite in it on Start and the New tab page independently from the "Show favorites bar" setting
  • You can now set Edge to never remember passwords for a certain domain
  • Auto-filling saved passwords is now supported in InPrivate mode
  • Extensions now work in InPrivate mode when set to do so
  • When opened with a mouse, the ellipses menu will now be smaller
  • When viewing a certificate, users can now show the certificate itself in a sidebar
  • In full screen-mode, the full Edge UI will now be available by moving your mouse to the top of the screen
  • "Clutter-free printing" has been added as a new option to the Print dialog, allowing you to remove ads
  • Dragging a website from the address bar to the Favorites bar will now show the favicon and name of the website
  • The last opened Reading List item now has a new design which uses Acrylic
  • Windows Defender Application Guard should now be lighter and faster
  • Widnows Defender Application Guard now allows you to download files to the host


  • Free EPUB books can now be saved
  • Books can now be removed, pinned or searched for in the Microsoft Store from the Book hub
  • Bookmarks for EPUBs and PDFs can now be edited within the same flyout
  • EPUB, PDF and Reading View has been redesigned with Fluent Design in mind
  • Go-to-page in the Seek bar has been updated to support PDF Page Labels and EPUB Page List
  • Reflowable EPUB books and Reading View for websites can now break the words on the page into syllables or highlight different parts of speech like nouns, verbs and adjectives
  • Books, PDFs and Reading View pages now work full-screen
  • Reading progress, notes, bookmarks and annotations will now roam faster to other devices
  • General improvements to EPUB books and PDFs and Books when using a screen reader
  • You can now export and clear your book data

F12 Tools

  • The tools can now be docked vertically

EdgeHTML 17

  • Support for Service Workers is now fully enabled, introducing support for offline web sites and push notifications
  • CSS backdrop-filter is now available
  • Subresource integrity is now available
  • The ANGLE Backend is now used for WebGL
  • Edge will now fire a Pointer Event with pointerType of "touch" when using Precision Touch Pad gestures
  • "Enable iterative drawing algorithm" has been added as an option enabled by default
  • "Enable OpenType variable fonts" is now enabled by default
  • Full support for CSS extensions for OpenType Font Variations
  • Support to use Notification API in extensions
  • Support for elements on HTMLFieldsetElement
  • Support for ping on anchor element


  • "WebGL Uses ANGLE Backend" has been added
  • "Enable OpenType variable fonts" has been added

Internet Explorer

  • When using the Japanese touch keyboard, address bar suggestions will now show as you type rather than waiting for the candidate string to be committed



  • Sound has been added as a new page and allows you to change the volume, audio output device, microphone input device and test your microphone
  • You can now enable "Near Share" on the Shared experiences page and set its download location
  • The brightness of SDR content on an HDR display can now be adjusted under "Display"
  • Detailed information about your display can now be seen in "Advanced display settings" linked on the Display page
  • "Advanced display settings" shows information about your desktop resolution, active signal resolution, refresh rate, bit depth, color format and color space
  • "Advanced scaling" has been added under Display and allows you to enable "Fix scaling for apps"
  • When Windows detects an app that might have become blurry, a toast will be shown requesting to fix this
  • A top level link to Storage Settings has been added to free up space
  • "Free up space now" can now clean Windows upgrade log files, System created Windows Error Reporting Files, Windows Defender Antivirus, Thumbnails, Temporary Internet Files, Device driver packages, DirectX Shader Cache, Downloaded Program Files, Diagnostic data viewer database files and Delivery Optimization Files in addition to its previously available 4 categories
  • "Show suggestions occasionally in Timeline" has been added under Multitasking
  • Quiet Hours has been renamed Focus Assist
  • "Focus Assist" has been added as a new page
  • You can now set when Focus Assist has to turn on automatically
  • Focus Assist can now be set to turn on automatically in presentations, in full screen games or when you are at home
  • Apps and people that may break through Focus Assist can now be set
  • A summary can now be accessed to see what you missed during Focus Assist
  • Sound has been moved to the second place in the menu
  • A number of links to other sound settings have been added to Sound
  • "App volume and devices preferences" has been added under Sound and allows you to manage the audio input and output for each app individually
  • A link to System info has been added under About
  • The Multitasking icon has been updated to reflect Timeline
  • "Graphics Settings" has been added under Display to allow you to choose the preferred graphics performance an app should have, with options for System default, Power saving and High performance
  • Volume icons will now show as muted when the volume is muted
  • Resetting the App volume and device preferences page will now also reset app specific volumes you've set back to default
  • Account Protection and Device Security have been added to About


  • The font and size used in the handwriting panel can now be changed between Segoe UI, Segoe Print and Segoe Script
  • Options to enable multilingual text prediction has been added under "Typing"

Network & Internet

  • You can now select a network for which to show the overview of used data
  • A data limit can now be set under Data usage
  • Background data can now be restricted in general or when roaming
  • A settings has been added to tell Windows to prefer Cellular data over Wi-Fi
  • Wi-Fi and Ethernet connections can now be set to have background data restrictions
  • Pinning the Data usage page to Start will now result in a Live Tile
  • The option to create a new HomeGroup has been removed


  • The number of people you can pin can now be changed from 1 and 10 or all people in the flyout in My People
  • Suggestions in the My People flyout can now be disabled
  • Fonts has been added as a new page to manage Fonts
  • Details about fonts have been added and you can now preview a font with your own string


  • "Startup" has been added as a new page to provide settings for apps that should start at startup
  • UWP apps that are set to launch at startup will now show the tasks they are specified to do by their developer
  • Per-app settings now will show all permissions the app supports
  • The publisher and version of the app is now shown in the app detail page
  • A link to battery usage, lock screen notification settings and default apps has been added to the app settings pages
  • An app can now be terminated and/or uninstalled from its detail page
  • You can now manage which execution aliases you want apps to be able to use
  • You can now set Windows to automatically adjust a video based on the lighting in your environment
  • You can now sort your startup apps
  • You can no longer set how video playback should work while on battery power
  • "Stream HDR video" has been enabled for more devices
  • You can now calibrate your display with built-in HDR video output with "Change calibration settings for HDR video on my built-in display"


  • When allowed, Windows will now repopulate Windows Spotlight and badges on the lock screen if the PC is at rest in on the lock screen
  • "Use my sign-in info to automatically finish setting my device after an update or restart" now affects startup of applications
  • Security questions and answers can now be added to local accounts to help with password recovery
  • On Windows 10 devices in S mode, you can now setup a PC with Windows Hello or PIN without a password
  • The "Use my sign-in info..." text has been updated

Time & language

  • The default keyboard can now be changed independently from the display language
  • Enabling hardware keyboard suggestions can now be done from the Keyboard settings
  • The "Choose a language to install" UI has been revamped into a model instead of a full page
  • Each language entry now shows if it supports display, text-to-speech, speech recognition and/or handwriting
  • When installing a new language, the user gets the option to add additional usecases (like text-to-speech, etc.) and to set it as the display language
  • Language resources are now managed by the Microsoft Store, allowing them to be updated on a more regular basis
  • You can now change the behavior of the Emoji Panel to hide after selecting one emoji


  • Game Mode settings can now be reset with the "Reset Game Mode Settings"-setting

Ease of Access

  • The rail has been reorganized and now contains grouping headers
  • The descriptions for some settings have been rewritten
  • "Display" has been added as a new page with options to change the scaling of your primary screen, change the brightness, disable animations, disable transparency, disable the desktop background and the duration of a notification's visibility
  • Keyboard shortcuts are now shown under their relevant settings instead of at the bottom of the page for "Magnifier"
  • Background and window has been split up in "Change caption background" and "Dim window content" under "Closed captions"
  • Narrator's keyboard shortcut can now be disabled
  • Narrator can now be set to start automatically after login or before login for all users
  • The voice volume for Narrator can now be changed independently
  • Narrator can now let you hear voiced Narrator errors
  • Narrator can now be set to play an audio cue to confirm if an action was performed
  • You can now switch the Narrator cursor movement mode between Normal and Advanced
  • Narrator can now be set to sync the cursor and system focus
  • Narrator can now be set to read and interact with the mouse
  • You can now lock the Narrator keys to make sure you don't have to press them for each command
  • Under "Keyboard" it is now possible to disable the shortcut key for Sticky Keys, Toggle Keys and Filter Keys
  • Options to move faster when holding Ctrl and slower when holding Shift have been removed from "Mouse"
  • You can no longer set mouse keys when Num Lock is enabled under "Mouse"
  • The speech output for Narrator can now be changed under "Select audio channel for Narrator speech output"
  • Color options will now show a colorwheel to help you choose the right filter
  • "High contrast" and "Color" have been split up in their own pages
  • Color Filters now provides a description of the filter you're using
  • Narrator now allows to control the verbosity of text characteristics
  • Aduio has been added as a new page and allows you to change the volume, enable mono audio and show visual audio alerts
  • Speech Recognition has been added as a new page and allows you to enable Windows Speech Recognition
  • Eye Gaze Control has been added as a new page
  • Adds "Curser, pointer, and touch feedback" and moves cursor thinness, pointer size and color and touch feedback settings to this new page
  • The current Narrator settings can now be set to be used for login
  • The hotkey to send feedback when Narrator is running can now be set to Caps Lock + E
  • Under Audio, a new "Change other sound settings" link has been added to the classic sound settings
  • "Other options" has been removed
  • Under Display, it is now possible to disable automatically hiding scrollbars
  • Under Color filters, it is now possible to disable the color filters hotkey
  • "Cursor, pointer and touch feedback" has been renamed "Cursor & pointer size"
  • "High Contrast Black" is now the default High contrast theme
  • Help links have been added to Narrator to help you learn to use Narrator
  • Speech now includes information and settings for dictation, Cortana and Windows Speech Recognition
  • A number of "Related settings"-links have been added to Ease of Access


  • Under "Notifications" a setting has been added to disable collection suggestions


  • "Activity history" has been added and contains all data Cortana uses for "Pick up where you left off"
  • "Documents", "Pictures" and "Videos" have been added as new pages under Privacy, allowing you to disable access to these 3 areas of your device on a per-app basis
  • Activity history can now be filter by accounts
  • Access to Account info, Contacts, Callendar, Call history, Email, Tasks, Messaging, Documents, Pictures and Videos can now be disabled on a system level, stopping anything from requesting these permissions
  • Win32 apps installed from outside the Microsoft Store are now also affected by the "Let apps use my camera hardware" setting
  • Windows Camera is no longer hidden from the list of apps that can use your camera
  • You can now choose if Windows should sync your activities with the cloud, this enables a 30 day history in Timeline
  • Under "Diagnostics & feedback" you can now find a setting to enable data viewing
  • A button has been added to downoad and open Diagnostic Data Viewer
    • You can now view your diagnostics data by event
    • Diagnostic events can now be searched through
    • You can now filter on category
  • Privacy has been split in "Windows permissions" and "App permissions" subsections
  • "File system" has been added as a new page to allow apps access to your file system
  • You can now delete all Diagnostic data from "Diagnostics & feedback"
  • The user dictionary can now be viewed under "Speech, Inking & Typing"

Update & Security

  • The bandwidth used by foreground downloads can now be limited for Windows Update and Microsoft Store updates
  • "View installed update history" has been moved to the bottom of the Windows Update page
  • The description explaining how Windows Update works has been removed
  • "Options for restarts" has been removed from Windows Update
  • Windows Update now shows an additional button with more restart options when an update is waiting for a reboot to install
  • Windows Update will now show a longer message when your device is up-to-date as well as a link to see what's new
  • "Windows Defender" has been renamed "Windows Security"
  • Windows Security now lists protection areas and direct links to their pages in the Windows Defender Security Center including Virus & threat protection, Account protection, Firewall & network protection, App & browser control, Device security, Device performance & health and Family options
  • On a PC with AC power, Windows Update will keep an inactive PC from going to sleep for 2 hours when installing an update


  • The Settings home page has been rearranged into a horizontal grid
  • The rail now uses an acrylic background
  • Improved search strings to find more relevant results
  • General improvements to settings to help Narrator navigate between search, the navigation list and the main landmarks, headers will no longer be seen as at the bottom


  • Game Bar has been redesigned with support for the dark and light theme
  • Game Bar now gives quick access to your captures, toggle your microphone and camera and edit the title of your Mixer stream
  • A clock has been added to the Game Bar
  • Game Bar settings has been made easier to use


  • An extended user-mode API for third-party virtualization stacks and applications to create and manage partitions at the hypervisor level, configure memory mappings for the partition and create and control execution of virtual processors has been added
  • When a Bluetooth device is ready to pair and is detected in range, Windows will show a notification to connect to it
  • Ultimate Performance has been added as a new power scheme for Pro for Workstation and Enterprise devices
  • When forcing a shutdown by holding the power button, Windows will show a message and collect data before shutting down
  • It is now possible for enterprises to run custom actions during feature updates
  • It is now possible for enterprises to run post rollback scripts
  • The OOBE privacy settings have been revamped with every setting now having its own page
  • Support for the High Efficiency Image File Format has been added


  • It is now easier to scroll with Eye Control
  • Direct right and left click has been added to the Eye Control launchpad
  • Start, Timeline, Settings and Device calibration have been added to the Eye Control launchpad
  • You can now hide the launchpad
  • Narrator is now available when entering safe mode via msconfig.exe

Language and input

  • The on-screen keyboard now uses an acrylic background
  • The full on-screen keyboard is now available for all languages except Korean, Japanese, Traditional Chinese and Simplified Chinese
  • Reorganized the handwriting panel options
  • Improved re-recognition of words when writing a letter on top of another
  • Words can now be split in the handwriting panel by drawing a vertical line where it needs to split and will provide space to write in between the words
  • The Japanese IME can now provide text suggestions from AI chatbot Rinna
  • The hardware keyboard can now also show text suggestions
  • Shape-writing is now enabled on the wide keyboard
  • The gesture to add a space in-between letters on the handwriting panel has been changed to a carrot
  • The handwriting panel will now commit written text by drawing an angle of 90°
  • Improves the button layout for Chinese Simplified Handwriting
  • The on-screen keyboard's buttons now use Acrylic and are once again lighter than the background
  • New and improved recognition of words to provide better emoji predictions in Arabic (Saudi Arabia), Danish (Denmark), German (Germany), Greek (Greece), English (Great Britain), Spanish (Spain), Spanish (Mexico), Finnish (Finland), French (France), Hebrew (Israel), Hindi (India), Italian (Italy), Dutch (Netherlands), Norwegian (Norway), Polish (Poland), Portuguese (Brazilian), Portuguese (Portugal), Russian (Russia), Swedish (Sweden), and Turkish (Turkey)
  • The emoji panel will no longer close after inserting one emoji
  • The Tamil keyboard has been added
  • Updates the Sinhala and Myanmar keyboards for more comprehensive ways of inputting sequences
  • Improved input of compositions on the Amharic keyboard
  • The Amharic keyboard will now insert Amharic script directly instead of English letters with predictions
  • The Emoji Panel is now supported in 190 locals, with 152 supporting tooltips
  • The data behind the emoji panel has been revamped further to include more words
  • Hardware keyboard suggestions now respect your theme color
  • The on-screen touch keyboard now supports the split layout for all languages except Korean, Japanese and Chinese (Simplified)
  • The standard touch keyboard layout is now available for Japanese, Korean, Quick and ChangJie for Traditional Chinese
  • When pausing after using the split gesture in the handwriting panel, the space will now close again
  • The shift key on the touch keyboard will now stay visually pressed when double tapped to indicate caps lock is engaged
  • The full touch keyboard now supports keyboard shortcuts that contain 3 keys
  • The dictation UI has been updated
  • The Embedded Handwriting Panel is now available
  • Improved handwriting recognition with Hindi support
  • The on-screen keyboard will now dynamically switch between the 3 first languages set on the device
  • Text Prediction has been added for Assamese, Bashkir, Belarusian, Greenlandic, Hawaiian, Icelandic, Igbo, Irish, Kyrgyz, Luxembourgish, Maltese, Maori, Mongolian, Nepali, Pashto, Sakha, Tajik, Tatar, Tswana, Turkmen, Urdu, Uyghur, Welsh, Xhosa, Yoruba and Zulu
  • Search in the emoji keyboard has been enabled for more than 150 locals
  • If shapewriting is not supported, the shapewriting trail will no longer be visible


  • The Web Media Extensions pack for Edge is now a default app, adding support for OGG Vorbis and Theora

Control Panel

  • Options to manage HomeGroups have been removed
  • "Clock, language and region" has been renamed "Clock and Region"
  • Settings to change the input methodes and managing languages have been removed

Microsoft Store

  • Fonts can now be downloaded from the Store


  • A warning has been added to Paint to alert users that the program will be removed from Windows in favor of Paint 3D and be made available through the Store

Snipping Tool

  • Snipping Tool now has an "Edit in Paint 3D" button

Task Manager

  • When a process is suspended or has a suspended child process, an icon will be shown in the Status column of the Processes tab

Windows Defender Security Center

  • Windows Defender Application Guard is now available on Windows 10 Pro
  • The context menu in the system tray now allows you to do a quick scan, update Defender definitions, change the notifications and open Windows Defender Security Center
  • Windows Defender systray icon now uses a modern context menu
  • The Home heading has been updated to say "Security at a glance"
  • Under "Virus & threat protection" the "Quick scan" button has been renamed "Scan now" and "Scan history" has been renamed "Threat history"
  • Controller folder access settings have been moved to their own page named Ransomeware protection
  • Account protection has been added with links to connect to a Microsoft Account and to setup Windows Hello and Dynamic Lock
  • Device Security has been added with options to enable Memory integrity and options to manage processor security
  • You can now let Windows Defender Security Center alert you when there are problems with Dynamic Lock under Settings

Windows Subsystem for Linux

  • WSL can now be configured to some extend with wsl.conf
  • AF_UNIX allows for socket connections between Linux processes on WSL and Windows native processes
  • NTFS has a new flag to set on directories to indicate all operations in those directories should be treated as case sensitive

Other features

  • Pressing Ctrl + Shift and then Ok in the Run dialog will now launch the application elevated
  • The Share dialog box now contains Near Share which allows you to share files and urls over Bluetooth
  • The properties-window of an executable file now allows you the change the behavior for overriding the system DPI
  • WSL processes that set themselves up to run in the background will now keep running after closing the last console window
  • WSL processes that require elevation and that do not require it can now run at the same time
  • WSL is now supported over OpenSSH, VPN, Enter-PSSession and/or other Windows remoting tools
  • Wslpath has been added as a new tool to convert Linux paths to their Windows equivalents
  • Windows Command line Toolchain with bsdtar and curl are now available in Windows
  • Unix style sockets (AF_UNIX) are now available on Windows
  • Support for Work Folders with Files-on-Demand
  • Get-DeliveryOptimizationLog has been added to the available PowerShell cmdlets to retrieve decoded logs for Delivery Optimization
  • If an UWP app requires access to your pictures, videos or documents it will now have to ask for permission
  • Setting up Windows Hello Face, Fingerprint or PIN unlock can now be done from the lockscreen
  • "Update and shutdown" is now an option if updates are pending to install once more

And further

  • Upgrades will now remember to disable hibernate and Fast Startup
  • Yu Gothic Bold got improved with a consistent baseline alignment and improved clarity of various Kana characters
  • Introduces a number of new policies to manage Delivery Optimization
  • Hive data is now stored in the Registry process
  • Localizations can now be found in the Microsoft Store
  • Improved reliability for Near Share
  • Full support for Adobe-style OpenType Variable Fonts
  • Windows 10 S users will see their PC run in "Windows 10 Pro in S Mode"
  • A number of emojis have been updated for a more consistent design
  • Bluetooth mice should now perform better when the system is under load

And further

  • Unknown fixes and enhancements

Friday, April 6, 2018

Windows 10 Pro Licensing Logic (OEM to VL)

From time to time the Windows 10 Pro vs. Enterprise discussion comes back. Just to clarify from a security point of view and also in relation's of limitations the Enterprise edition is still the best and recommended way to go. It offers a tremendous value in terms of security and manageability.

But we still have customers were the financial pain is so huge that we need to cut very important features as well just to fulfill their serious budget limits. 

Caution!  Just one word as advice. DO NOT TRY TO MAP WINDOWS7 TO WINDOWS 10 !!!

Its the same as you want to use a Ferrari in the same way as you did with your VW Golf before. Please rethink your potential modern workplace even only with PRO instead of Enterprise. It does not make sense to do the stuff the old way as you fear the new way or you are not willing to ask what could be the new way for you to simplify things.

If you had to go with Windows 10 Pro (knowing all current and future potential limitations) then you can go with the PRO license coming on your OEM device. There is still the rule that having 1 Windows 10 Pro VL license bought through commercial licensing brings you the right to use the VLSC and download your Windows 10 Pro Image ISO you can use for further deployment.

Please checkout here:

You find here the sentence:

Using Commercial Licensing media to reimage.
Commercial Licensing Windows Desktop operating system media may be used to reimage devices if all devices being reimaged are licensed for the edition and version of Windows being reimaged onto them. (Note: Each device being reimaged does not need to be licensed under Commercial Licensing if they are properly licensed for the edition and version being reimaged onto them.)

(Which is given when you have an OEM Windows 10 Pro you can reimage with Windows 10 Pro but only in the given edition and version. So Windows 10 version and Pro edition.) I asked a few years ago MS license Q and that's what they explained to me as well.

Another Reference

And please be aware. You can not stop the update train! Which is from security point of view the only valid way. From a management point of view rethink things. Windows 10 is not a project. Its a continuous process!

Azure AD connected devices print to onprem printers

More and more customers ask me why still using on prem AD. Well there are still a few things we need on prem. That's why hybrid is still needed. One thing is printing. 

But now we can also print from Azure AD joined devices to on prem printers.

There are a few prerequisites:
  • Windows 10 1703 (Creators Update) or higher.
  • Windows Server 2016 on your print servers.
  • An Azure AD tenant.
  • Azure AD Connect, to synchronize your Active Directory with Azure AD.
  • An MDM service, e.g. Intune, to configure the print settings on each device.

Monday, March 26, 2018

Microsoft Defender - out of the darkness into the light

Often customers ask me for advice in regards of Antivirus. The next I explain in general is the difference between user-mode and kernel-mode. To make a long story short. Antivirus solutions use in general kernel-mode filter drivers. When you do there a mistake then you will see a bluescreen. Internal studies for reasons of bluescreens reveal 70% bugs in filter drivers from 3rd parties.

There are some AV vendors out there with a very poor code quality in filter drivers. I will not blame here specific vendors. The users of these vendors often raise complaints to me about them. Unfortunately these vendors have extra ordinary enterprise management capabilities. So you see pros and cons.

On the other side I hear often the "old" stories about Microsoft Windows Defender in terms of AV scanning results. Its absolutely true that these results were in the past - before June 2015 - very bad (specifically the tests from independent (how independent they are in reality I can neither proof nor deny!)). 

MS did a complete rewrite of the code and structure they are using. Combining with new technologies like block on first sight, machine learning and many more. This brought up a very good AV solution right now.

In the past I used for example AVIRA for my personal computer. But now I can state there is no other paid AV solution necessary for me. I started also in trusting Microsoft Windows Defender and its companion SystemCenter Endpoint Protection (actually the same engine. Only the management plugin makes the defender enterprise ready.)

To get the full story also checkout this blog entry from Brad Anderson.

Monday, March 19, 2018

Revised Windows 7 Skylake support by Hardware Vendors

Recently customers pressured us to accelerate Windows10 projects as they are loosing Windows 7 Skylake supported devices. And there are good news but as still it depends.

1. Windows 7 support is only given until Skylake (Intel 6th Generation). If you want to go with newer processors then you have to speed up with your Windows 10 migration.

2. If you are willing to stay with Skylake then you will receive Windows Support until January 2020.

"New Skylake devices on the supported list will also be supported with all applicable security updates for Windows 7 and Windows 8.1 through the end of support dates. During the support period, these systems should be upgraded to Windows 10 to continue receiving support after the period ends. Be aware that all support for Windows 7 ends on January 14, 2020 for all devices and support will end for Windows 8.1 on January 10, 2023."
According to: FAQ: What is the support policy for Windows 7/8.1 devices with Intel’s sixth generation of processors (also known as Skylake) that was released in late 2015?

3. Many of the hardware vendors extended the availability of certain Skylake systems until end of 2019. Also here its a decision of the hardware vendor how long they will support.


This slide is from the Dell Client Solutions Roadshow 2018. I recommend to attend this roadshow for more information's. And/or contact your Dell representative! 

HP, Lenovo and others are extending as well. For more Information's visit