Translate

Thursday, December 31, 2015

Windows enterprise ready deployment on SURFACE Pro4

The great Surface Pro4 device is out and due to its outstanding capabilities many companies consider to use it as a enterprise device. But therefore you want to deploy it also in an enterprise manner.


Lets see how this works.

Rule 1 for Surface is as with any other device.
USE THE LATEST FIRMWARE AND DRIVERS!  You get them here.
Checkout recent history of firmware and drivers here.

Rule 2 you need something that allows you to boot from PXE over network

Option A: Use the Surface Pro3 dockingstation or Surface Dock. That allows you to boot via network cable from PXE with Gbit speed. Benefit of the Surface Dock is: You can update the firmware on the dock itself. Also it allows the user to choose their own viewangle (regarding the kickstand) on the Surface Pro 3/4 device.


Option B: Use the Surface Ethernet Adapter. This here supports PXE. This here is my favour. As in reality sometimes a user want to user a wired connection as well. So the user has at least one option to use the dock or the USB adapter to get a wired connection.


The Ethernet adapters in both solutions use the same chipset and provide identical functionality. Both adapters support gigabit connectivity for optimal performance during deployment, and both support the ability to boot from the network (PXE boot) without additional hardware.

Option C: You may use a 3rd party USB ethernet adapter. I dont recommend this as you have to add the adapter specific drivers first to an USB stick with an PE image you boot from stick. Then the PE integrated setup (e.g. MDT) can access the network. I would avoid this. 

Then there is another pitfall you have to keep in mind.
But this is not related to Surface in general. It is more related to the fact that slim tablets do not have wired PXE builtin.



Most PXE related deployment solutions check the MAC address to identify a machine. Then you have two options.

Option 1. Simply disable identification and allow deployment to all machines (known and unknown. Therefore I would protect your deployment e.g. through MDT with a password. Also make sure that the naming convention does not use MAC).

Option 2. Make use of MDT in general as MDT doet not use the MAC address to identify an individual computer. But you have to make sure that WDS where MDT is relying on allows unknown and known devices as well (Option in WDS server properties).

When you plan to use SCCM instead then there is even a higher dependency on this.
Please check out this BLOG.

The last question is how to tell the Surface to boot into the PXE boot.

To boot a Surface device from an alternative boot device, follow these steps:

  1. Ensure the Surface device is powered off.
  2. Press and hold the Volume Down button.
  3. Press and release the Power button.
  4. After the system begins to boot from the USB stick or Ethernet adapter, release the Volume Down button.

Note:  In addition to an Ethernet adapter, a keyboard must also be connected to the Surface device to enter the pre-installation environment and navigate the deployment wizard.
 
There would could be even more to share.
To get the full MS story you can also checkout this BLOG here.

Monday, November 30, 2015

Windows Update for Business - how it works?

 
With Threshold 2 (v1511) Microsoft introduces Windows Update for Business (often also shortened as WUB). This is a new option to keep your infrastructure up-to-date. Just to avoid confusion. This is a new option. All old methods like WSUS/SUS or Windows Update still working!
 

This brings two benefits.

1. You get more granular control
2. You can use Windows Update without the need to use WSUS server on premise.

But keep in mind you need either: Windows Pro or Windows Enterprise. As Homeuser you do not have this option. There is an unsupported registry hack available as GPOs are using registry values.

When you use the Windows Insider program these settings are fully ignored (by purpose!)
 

How does it work.

 
 
Its very simple. Use this GPO
 
 
You find this GPO (since v1511 checkout the versioning blog entry here):
 
Computer Configuration\Administrative Templates\Windows Components\Windows Updates

You can control the upgrades (newer branches) and updates (e.g. Patch Tuesday Updates) differently. Upgrades you can defer by months. Updates you can defer by weeks.

Updates for Windows Defender are out of scope. Signature updates were installed as soon as they are available.

When you link this GPO with different settings on different OUs (Organizational Units) you can control how long a specific update/upgrade is defered.

If you find that a specific update/upgrade will cause an issue and you need additional time to fix it you can pause this until the next update/upgrade cycle. The checkbox is removed automatically after the next upgrade/update version appears.

This illustrates the different waves you can implement. You can also define more rings if you want. Typically you would also decide to test first with Insider branch or with current branch. Take advantage of your key users (e.g. SAP key user) to do the business process testing. The process owners are typically the guys they can tell you if the business process still works (e.g. SAP order, order printing etc.)


 
 
 
Here you find additional informations:
https://technet.microsoft.com/en-us/library/mt598226

My video about Windows Update and Rollout (sorry it was my session at German Technical Summit. Therfore the slides and video is in German only!) If you hear bad noise just re-adjust and lower the audio volume level. Somehow the recording get mixed badly.
 
Have fun and enjoy WUB ;-)

Fonts are missing after Windows 10 upgrade

Recently one of my friends in an international organization run into the issue that fonts from original Windows 10 RTW (July 2015) where missing after the upgrade to the next version (aka Windows 10 v1511 or Threshold 2)
 
For example, if the English (or German, Spanish...) version of Windows 10 was installed, then the Gautami, Meiryo, Narkism or PanEuropean font is missing.
 
Reason for this is that MS streamlined the space used on systems alot. Just think of tablets (32 GB or less) and co. To save storage space these optional fonts where removed (typically supporting languages not used in the targeted region)
 

 

For example, the Meiryo or Raavi font can be used for English, but they were added to Windows to support other languges: Meiryo was created to support Japanese; Raavi was created to support Panjabi or other languages written in Gurmukhi script. Most English (or German, Arabic, Ukrainian...) speakers don't use Gurmukhi or Japanese writing, but they still would all have these fonts on their system, and many others intended for particular languages.
 
For better understanding you may read this:
http://answers.microsoft.com/en-us/windows/forum/windows_10-start/some-fonts-are-missing-after-upgrade/95839dfa-0df2-4bc0-875a-fd6b57e61fe4?page=1
 
Now lets come to a solution for this issue.
 

Home users go here:

Simply wait. :-) A maintenance task will detect the language settings and install the associated optional font features. It may take a few days before this happens. Until then, you can always install any optional font feature manually using the steps described below.
 
Installing optional features independent of language settings
Any of the optional font features can be installed manually without needing to change language settings. Here's how—I'll use the Hebrew Supplemental Fonts feature as an example:
  • Click the Start button.
  • In Settings, click System.
  • Click Apps & features.
  • Click on the link, Manage optional features.
  • If "Hebrew Supplemental Fonts" is not listed among the installed features, click on the "+" icon next to Add a feature.
  • Scroll to find "Hebrew Supplemental Fonts". Click on that item, then click on Install.
  • Click on the back arrow in the upper corner of the window.
You should see the Hebrew feature in the list as installed or in the process of being installed.
Note: The optional features are installed by Windows Update. You need to be online for the Windows Update service to work.
Also note: If you are on a work machine, some businesses manage updates separately, in which case the optional features might not even be visible to you—when you go into Add a feature, you might not see the optional features listed. If that's your situation, please get help from your system administrator.
 

System Administrators go here:

You have also here 2 options. One for manual install and one for automatic via WSUS.


Option 1 (Manually):

Manually deliver the content using dism command from the current "Windows 10 Feature on Demand" DVD you can download from VLSC (Volume Licensing Service Center) or from MSDN.
 
There you find these fonts:
 
Behind these font family names you will find these fonts:
Arabic Script Supplemental Fonts: Aldhabi, Andalus, Arabic Typesetting, Microsoft Uighur, Sakkal Majalla, Simplified Arabic, Traditional Arabic, Urdu Typesetting
Bangla Script Supplemental Fonts: Shonar Bangla, Vrinda
Canadian Aboriginal Syllabics Supplemental Fonts: Euphemia
Cherokee Supplemental Fonts: Plantagenet Cherokee
Chinese (Simplified) Supplemental Fonts: DengXian, FangSong, KaiTi, SimHei
Chinese (Traditional) Supplemental Fonts: DFKai-SB, MingLiU, MingLiU_HKSCS, PMingLiU
Devanagari Supplemental Fonts: Aparajita, Kokila, Mangal, Sanskrit Text, Utsaah
Ethiopic Supplemental Fonts: Nyala
Gujarati Supplemental Fonts: Shruti
Gurmukhi Supplemental Fonts: Raavi
Hebrew Supplemental Fonts: Aharoni Bold, David, FrankRuehl, Gisha, Levanim MT, Miriam, Miriam Fixed, Narkism, Rod
Japanese Supplemental Fonts: Meiryo, Meiryo UI, MS Gothic, MS PGothic, MS UI Gothic, MS Mincho, MS PMincho, Yu Mincho
Kannada Supplemental Fonts: Tunga
Khmer Supplemental Fonts: DaunPenh, Khmer UI, MoolBoran
Korean Supplemental Fonts: Batang, BatangChe, Dotum, DotumChe, Gulim, GulimChe, Gungsuh, GungsuhChe
Lao Supplemental Fonts: DokChampa, Lao UI
Malayalam Supplemental Fonts: Karthika
Odia Supplemental Fonts: Kalinga
Pan-European Supplemental Fonts: Arial Nova, Georgia Pro, Gill Sans Nova, Neue Haas Grotesk, Rockwell Nova, Verdana Pro
Sinhala Supplemental Fonts: Iskoola Pota
Syriac Supplemental Fonts: Estrangelo Edessa
Tamil Supplemental Fonts: Latha, Vijaya
Telugu Supplemental Fonts: Gautami, Vani
Thai Supplemental Fonts: Angsana New, AngsanaUPC, Browallia New, BrowalliaUPC, Cordia New, CordiaUPC, DilleniaUPC, EucrosiaUPC, FreesiaUPC, IrisUPC, JasmineUPC, KodchiangUPC, Leelawadee, LilyUPC
 
 
Please keep in mind these fonts have mostly an english part with letters you will see in latin form like ABC. Also all the way down you will see in RAAVI font (which is part of Gurmukhi Supplemental Fonts) also for e.g. Panjabi characters. You may find these with the little tool "charmap.exe" (which is part of Windows since Win3.1)
Now lets see how to add them to the system.
Simply copy the font family files from DVD and use dism to inject them on or offline as you like.

DISM.exe /Online /Add-Capability /CapabilityName:Microsoft-Windows-LanguageFeatures-Fonts-Ethi-Package
With DISM.exe /Online /Get-Capabilities you should get a list of installed features (incl. fonts) from a system where everything is still fine before you upgrade.
More to learn about this you may find here:
 

 

Option 2 (WSUS):

You can deliver it through WSUS. But therefor you need to install another Hotfix.


Update to enable WSUS support for Windows 10 feature upgrades:
https://support.microsoft.com/en-us/kb/3095113
 
After installing this hotfix you will see this (before you need to sync catalog again).
 

 


 
 
Have fun and enjoy the solution.
 
 
 
 
 
 
 
 
 


Wednesday, November 25, 2015

Windows Hello - you get addicted to it!

Recently I had the chance to get an Intel(R) RealSense(TM) Camera to test Windows Hello. I use it now for 4 weeks and believe me you get addicted to it. Its so cool to sit in front of you PC and in a fraction of a second you are logged in without typing your password.



How to set it up step by step.

1. First of all you need a Hello capable device. There are a few options. 
Either you buy or hava a maschine where this freaky new feature is builtin.
Hardware that allows this either had a fingerprint reader, Iris scanner or even the Intel Realsense Camera (currently the only web camera that support this feature)


Microsoft Hardware with Hello Support: 
  • Microsoft Surface Pro4 (Microsoft own developed infrared sensor)
  • Microsoft Surface Book (Microsoft own developed infrared sensor)
  • Microsoft Lumia 950 (Iris scanner)

Notebooks with Intel RealSense Camera:
  • Dell Inspiron 5548
  • Lenovo ThinkPad Yoga 15
  • Lenovo ThinkPad E550
  • Asus N551JQ
  • Asus X751LD
  • Asus ROG G771JM 

All in One PCs with Intel RealSense Camera:
  • Dell Inspiron 700
  • HP Sprout
  • Lenovo B5030

Refer to:
http://www.intel.com/content/www/us/en/architecture-and-technology/realsense-devices.html

Or you buy the Intel RealSense Developer Kit (just for IT Pros with good business justification. Home users forget it - better buy the right hardware! I will tell you at the end!)

To get this kit you have to register first with Intel (on Click Intel website).

Then you can buy it here:
http://click.intel.com/intel-realsense-developer-kit.html

Cost is currently 99 US-$ plus shipping (plus taxes, which made it very expensive for me as I ordered it to Germany and had a lot of fun with German customs!)

But be careful. This camera is a developer kit with limited warranty (90 days). Its a very large and heavy. It has the size of 3 to 4 regular webcams. And for correct function you really need an USB3 connection to your PC.

When you had that all then you plug it in.

Since mid-november 2015 Microsoft delivers through Windows Update also an updated driver for it. With this driver you can use the RealSense camera also with Skype (for proper function select the "Intel(R) RealSense(TM) 3D Camera Virtual Driver")

There you can choose out of 3 different RealSense drivers. Try them out with Skype - its fun. In the picture below you see the "Depth" driver which is used to recognize your face. The measurement is much more granular as you may think out of this picture below.

 
Microsoft did tests with a large bunch of identical twins. The "wrong" twin could not login to the system. And just making a picture also not. The sensor also take advantage of infrared. So beheading would also not really help.

When you have connected all and the driver is installed then best is to reboot the machine.


2. Now lets setup Windows Hello

Go to Settings -> Account -> Sign-in options

Step 1: Define a PIN for this you have to enter your domain password.

Keep in mind your PIN is only stored on your device. You have to setup your PIN each time on each different device you want to use it. The PIN is stored securely with Windows Passport. To learn more about Windows Passport checkout this here

Why do you need the PIN?
It might be you are injured or there is a malfunction with the camera or for any other reason your face is not recognized. Then you have another fallback option to logon with your PIN. You could even use your password but we want to get rid of passwords. So this is really a good option and a must have for the setup.


Step 2: Click on Windows Hello: Face "Set Up"

 


Step 3: Click on "Get started"
 
 
 
Step 4: Type in the PIN you have defined in Step 1
 

 
 
 
 
Step 5: Let the camera recognize your face.
 
 

 


Step 6: Repeat the step 5 through click on "Improve recognition". When you wear glasses then its best to repeat the step without glasses also. When your are finished simply close the dialog.




When you now lock your screen Windows is looking for you with the little eye symbol. Whenever your screen get black in power saving mode then you will see that the indicator light from the camera also went off. The camera is only looking for you while you are not in front of the PC until power saving kicks in. And just a couple seconds after you logged on.

The biometric data of your face is also stored on your device with Windows Password. It is not transfered to your active directory.


Why is the Intel Developer Kit only for IT Pros with a good business justification?
  1. The camera is good for testing in a larger environment.
  2. For day to day use in a mobile device built-in solutions are much better. The Intel developer kit camera is huge and heavy to cary on. I do that for demonstration purposes for my customers but its not really fun in cable handling.
  3. Intel asks you for the reason why they should ship that developer kit to you. I had a good justification but that does not mean you have also a good one.
  4. When you are IT admin or IT specialist in a large organization e.g. SIEMENS or MICROSOFT then this might be a good one. If you want to use it just by your own. Better you look for integrated hardware. (These guys only buy the stuff for testing to tell then their manager also to buy the integrated HW solutions like Dell Inspiron 5548).

Have fun playing with this awesome feature. I love it!


#### UPDATE 1 for users of Surface Pro3  - March 19th 2016####
The new TypeCover with Fingerprint Reader enables Windows Hello Feature also on Surface Pro3 DEVICES.


Checkout this blog as well:
http://www.ms-labrats.de/2016/03/biometric-windows-hello-also-with.html  

#### UPDATE 1 END ####

Windows Errors - what's that 0xC0000005 ???

Whenever you catch something like an hex errorcode without knowing what it is for. Then this may help you a lot.

Windows Errors on MSDN 

Here you may find the answer (Based on errors coming from WinError.h which is the source for Base OS errors).
 
Please keep in mind whenever you are looking for an error here you have to remove the leading zeros (00000...) (e.g. dont lookup for 0xc0000005  just look for 5)
 
Here you see the example:
 
ERROR_ACCESS_DENIED
5 (0x5)
Access is denied.
 
https://msdn.microsoft.com/en-us/library/windows/desktop/ms681381(v=vs.85).aspx

Windows Errors with Error Lookup Tool (Err.exe)

 
When you are looking for more than just errors coming from WinError.h then you get more possible error codes and also error sources when using the "Exchange Server Error Lookup Tool."
Exchange is in this case somehow missleading. Actually its about the Windows error code ressources.
 
https://www.microsoft.com/en-us/download/details.aspx?id=985
 
Simply download it and extract the err.exe file. You can simply execute it with the errorcode.
 
err.exe 0xc0000005 which reveals what OS header files include a description of this error code. That might be more as just the (WinError.h or ntstatus.h)

 
"Usage: err <value> [value] [value]…
where <value> must be of one of the following forms:
  • Decorated hex (0x54f)
  • Implicit hex (54f)
  • Ambiguous (1359)
  • Exact string (=ERROR_INTERNAL_ERROR)
  • Substring (:INTERNAL_ERROR)
 
All values on the command line as well as any associated information, will be in internal tables in Exchange Windows OS Server (see following example). If available, informational data associated with the value or values will also be displayed. By default, this tool searches all tables, but you can restrict the output to those tables you deem appropriate by adding "/<tablename>" to the beginning of the command line."
 
And don't think it is old. Most of the error codes existing for a very long time. The dump was extracted from Windows source code in 2003. And believe it or not but an access denied is still the same error code.
 
This tool may not help with all the brand new fancy features where the error is very specific. But also these fancy features still rely on the good old Windows basics. Like file access is denied to use this feature.
 
Give it a trial. It may help you to look into the right direction.
And in doubt use ProcMon from Mark Russinovich https://technet.microsoft.com/en-us/sysinternals/processmonitor
 

 


Tuesday, November 24, 2015

Windows 10 Licensing Logic - Long Term Service Branch

Licensing is for some a nightmare and for others fun. I am none of either parties. Anyway its part of my job to explain also these aspects. Recently I found out there is some curiosity around the LTSB licensing topic and I did my own research on it.
 
Its quite tricky to get it licensed in not so common scenarios.
 
When you are an enterprise with your own Microsoft volume licensing contract then everything is fine. You can go for all of the different so called branches.
 
Big questionmark for any ISV / OEM is how to deal with the "evergreen" politics of Microsoft. In general this "being always up to date" is a good thing for a couple reasons:
  1. You never need to pay for Windows again on the same machine and you'll always have the latest version
  2. No more wipe and reload upgrades
  3. Software vendors and developers can almost guarantee that 90% of Windows users will have the same build
The third point there should make you smile if your PC has ever crashed or you've needed to phone support because an application isn't working. There are so many combinations of OS, patches, drivers, runtime files and versions around that reliability and consistency are devilishly hard to achieve. Applications and peripherals should work far better if the manufacturers and developers can work to a stable and single platform.

(For nice side kick checkout this blog entry as well http://www.ms-labrats.de/2015/11/windows-10-reducing-disk-footprint.html)

On the other side you may face some supporting issues with your special ISV software you want to avoid (e.g. may be you are not able to make all the updates just in time to make sure your customer can use your cashier systems. Also you want to avoid possibly interuptive things like Cortana. I personally dont believe that this may happen but other still does.)
 
It become more tricky when you are a service provider (e.g. cashier systems) and you do not want to tell the customer they can only get the LTSB with an enterprise version where you need also an volume licensing agreement and software assurance.
 
Also the question may arise the difference between:
Windows 10 IoT Enterprise vs. Windows 10 Long Term Servicing Branch.
Technically there is NO difference. When you check out features available in LTSB and in IoT Enterprise its the same. There is even no dedicated Windows 10 IoT Enterprise image available (as of today - things may change over time). Its in fact the LTSB branch. Just a different "marketing vehicle" in the different market spaces.
 
Means for corporate standard users the Windows 10 versions are:
 
  • Windows 10 Pro (Limited feature set with basic security like Bitlocker)
  • Windows 10 Enterprise (Full feature set especially also around security for enterprises)
  • Windows 10 Enterprise LTSB (a few less features as Enterprise like no Cortana, no Edge and no 1st party MS Universal Apps, Updates only by WSUS)
 
and in the IoT-Space (Internet of Things):
 
  • Windows 10 IoT Enterprise (Full feature set of Windows 10 LTSB as it is identical)
  • Windows 10 IoT Mobile Enterprise (Enterprise managable version of Windows 10 for Phones with additional support for PoS devices)
  • Windows 10 IoT Core (Focused for devices without screen. Like Arduino2 PCs. More focused on sensor functionality or headless functions)
When you are service provider (ISV/OEM) you are more looking for a easy solution to provide the customer the needed license.
 
There you have a couple options.
 
As ISV - NOPE there is currently no way to license an operating system in the ISV Royalty Program. So you have to look for either getting it throught the OEM channel. Ask your OEM hardware provider for it.
 
As OEM you can get the licenses through Microsofts Embedded Distribution (these are not thre regular OEM distributors. You have to look for Embedded Distributors like Arrow, Avenet or Elbacom (no preference just alphabetical order))


The table shows you as service provider one option called "Windows 10 v2015 Enterprise Upgrade" (or in 2-3 years another year version). (These license terms were valid while this blog was published. This may change over time!)




With this version you are eligable to use the current and past LTSBs (downgrade rights).
Without Software Assurance you have only the first 5 years support (only security updates)
With Software Assurance your have support for additional 5 years (only security updates as LTSB gets by purpose no new features).

This means when you buy e.g. the Windows 10 v2015 Enterprise Upgrade (without SA) you are eligable for one static version (in this case v2015 with support until Oktober 2020). To get another 5 years of support you have to buy additionally software assurance at the beginning. This also allows you to use future LTSB versions.

If you plan to go for regular distribution like EA/MPLS or Open (the customer had already a device) then you need for Enterprise always an underlying qualifying operating system (i.e. windows 10 pro, windows 8.1 pro, windows embedded 8.1 industry etc.)

If you talk to your Embedded Distributors you can get the licensing in the way you would do with OEM licenses. They provide you the OPK Kit and this form also allows you to preactivate your license and skip the OOB.

To get the full story see also here:
http://blogs.technet.com/b/uktechnet/archive/2015/07/13/windows-10-licensing-logic.aspx
(Thanks to Harry Eagles and David Cattanach)

UPDATE 2018-3-28
There was a change in licensing to mention. Unfortunately I did not found a reference on MS Websites for this. In my country Germany there are two vendors offering a way to buy Windows embedded licensing for your production machines. These are Arrow and Avnet. I just added a good performance based explanation for the new LTSB licensing model when you need a couple single licenses outside of an EA or MPSA agreement. http://www.msembedded.biz/en/embedded-software/windows-10-iot-enterprise-2016/

Monday, November 23, 2015

Windows 10 reducing the disk footprint

There are some good and space saving news around Windows 10

image



  1. You do not need a recovery partition anymore (recimg.exe is removed!)
  • Instead files for recovery are used from /Windows/WinSxS folder
    • Space savings aprox. 4 GB
  • Nearly up to date recovery
    • All updates are included EXCEPT the last 30 days for a good reason (to prevent that you recover a situation where a recent update broke your system).
  2. Space savings thought "Compact OS"
  • You can trigger it manually through COMPACT.EXE /CompactOS:always
  • MDT 2013 Update1 Task Sequence
  • SCCM 2012 R2 SP1 Task Sequence
And yes there are small drawbacks. As the OS files are compressed there is a little bit more utilization on OS file access as it also need to decompress the files. But with todays processors the impact is little compared to space savings. Just think about 32 GB tablets with allways low space.

Check the full story here with Mike Niehaus:
http://blogs.technet.com/b/mniehaus/archive/2015/09/16/windows-10-reducing-the-disk-footprint.aspx
 

Windows 10 deployment with SCCM 2012/vNext

Windows 10 deployment with SCCM looks like fun but!

First of all the image capture and deploy scenarios work fine as you have learned with Win7/Win8.

There is also a "supportability thing" to keep in mind:


Windows 10 Build Support 

(Threshold 1 - Build 10240 GA in July 2015)
(Threshold 2 - Build 10586 GA in November 2015):
  • System Center 2012 Configuration Manager SP2 CU1
  • System Center 2012 R2 Configuration Manager SP1 CU1
  • System Center Configuration Manager (Min. TP3)
 
(Redstone - (Build 1xxxx TBD) GA in Summer 2016):
  • System Center Configuration Manager (RTM GA expected end 2015)
This version adds new servicing capabilities needed for Redstone and beyond. To get FULL feature support for Windows 10 you should migrate to the latest ConfigMgr available.

Also ConfigMgr will introduce similar versioning as Windows Client as well.

To get more reference checkout here:
http://blogs.technet.com/b/configmgrteam/archive/2015/10/27/system-center-configmgr-support-for-win-10-and-intune.aspx

SystemCenter Config Manager 2016 Technical Preview 4 publicly available

SystemCenter Configuration Manager 2016 Technical Preview 4 is now publicly available! Same as with Windows Server 2016 TP4 no production support available! This is for testing only.

This is the last technical preview before the general availability (GA) of the current branch of System Center Configuration Manager. This release is a great opportunity for you to get your hands on the next version and try it out before it is officially available!
New features in this technical preview include:
  • Mobile Device management (MDM): enhanced feature parity with Intune standalone – With this technical preview, many of the MDM features that are supported via Intune standalone (cloud only) are also enabled for Configuration Manager integrated with Intune (hybrid). MS will publish additional information later this year about the specific capabilities which will be supported with a hybrid deployment. 
  • Integration with Windows Update for Business – With Technical Preview 4, you have the ability to view the list of devices that are controlled by Windows Update for Business.  
  • Certificate provisioning for Windows 10 devices managed via on-premises mobile device management
While this build is very similar to the final System Center Configuration Manager build, it also includes several features for early preview. You will notice that this technical preview is a full setup and not an upgrade from previous releases. Moving forward, this release will be used as a baseline to deliver technical preview updates, similar to how we have delivered updates to Technical Preview 3 in September and October.


If you may wonder there is an internal difference between SystemCenter and SystemCenter Configuration Manager. When you are in WSSC TAP (MS Beta Program) you operate on Windows Client&Server and the rest of the SystemCenter products exept on SystemCenter Configuration Manager where a dedicated TAP program is available. Some things are more equal than others ;-)

Also keep in mind there is a ton of new functionality around the new endpoint protection. With Windows 10, System Center Configuration Manager Technical Preview will manage Windows Defender on Windows 10 computers without installing a separate Endpoint Protection agent. This means that all malware management and reporting will now come from Defender. The Endpoint Protection agent is still required for Windows 8.1 and earlier Windows operating systems. But there are much more new features like cloud scan. Stay tuned to find out more here.

Reference:
http://blogs.technet.com/b/configmgrteam/archive/2015/11/19/now-available-system-center-configuration-manager-technical-preview-4.aspx


Download SCCM TP4 here:
http://www.microsoft.com/en-us/evalcenter/evaluate-system-center-configuration-manager-and-endpoint-protection-technical-preview

Tons of good free official MS Ebooks can be found here: https://mva.microsoft.com/ebooks#9780735695832


Windows Server 2016 Technical Preview 4 publicly available



Windows Server 2016 Technical Preview 4 is now available for download.
This is intended for testing only. No production use permitted.

See here what are the new features:

  • What's New in Nano Server. Nano Server now supports the DNS Server and IIS server roles, as well as MPIO, VMM, SCOM, DSC push mode, DCB, Windows Server Installer, and the WMI provider for Windows Update. Its Recovery Console supports editing and repairing the network configuration. A Windows PowerShell module is now available to simplify building Nano Server images.
  • Windows Containers: Windows Server 2016 Technical Preview now includes containers, which allow many isolated applications to run on one computer system. They build fast and are highly scalable and portable. Two different types of container runtime are included with the feature, each with a different degree of application isolation. Windows Server Containers achieve isolation through namespace and process isolation. Hyper-V Containers encapsulates each container in a light weight virtual machine. For some additional information on containers, see Containers: Docker, Windows and Trends.
  • What's new in Active Directory Domain Services (AD DS) in Windows Server Technical Preview. Active Directory Domain Services includes improvements to help organizations secure Active Directory environments and provide better identity management experiences for both corporate and personal devices.
  • What’s New in Active Directory Federation Services. Active Directory Federation Services (AD FS) in Windows Server 2016 Technical Preview includes new features that enable you to configure AD FS to authenticate users stored in Lightweight Directory Access Protocol (LDAP) directories. For more information, see Active Directory Federation Services Overview [Role/Tech Overview].
  • What's New in Failover Clustering in Windows Server Technical Preview. This topic explains the new and changed functionality of Failover Clustering. A Hyper-V or Scale-out File Server failover cluster can now easily be upgraded without any downtime or need to build a new cluster with nodes that are running Windows Server 2016 Technical Preview.
  • What's new in Hyper-V on Windows Server 2016 Technical Preview. This topic explains the new and changed functionality of the Hyper-V role in Windows Server 2016 Technical Preview, Client Hyper-V running on Windows 10, and Microsoft Hyper-V Server Technical Preview.
  • Windows Defender Overview for Windows Server Technical Preview. Windows Server Antimalware is installed and enabled by default in Windows Server 2016 Technical Preview, but the user interface for Windows Server Antimalware is not installed. However, Windows Server Antimalware will update antimalware definitions and protect the computer without the user interface. If you need the user interface for Windows Server Antimalware, you can install it after the operating system installation by using the Add Roles and Features Wizard.
  • What's New in Remote Desktop Services in Windows Server 2016. For the Windows Server 2016 Technical Preview, the Remote Desktop Services team focused on improvements based on customer requests. We added support for OpenGL and OpenCL applications, and added MultiPoint Services as a new role in Windows Server.
  • What's New in File and Storage Services in Windows Server 2016 Technical Preview. This topic explains the new and changed functionality of Storage Services. An update in storage quality of service now enables you to create storage QoS policies on a Scale-Out File Server and assign them to one or more virtual disks on Hyper-V virtual machines. Storage Replica is a new feature that enables synchronous replication between servers for disaster recovery, as well as stretching of a failover cluster for high availability..
  • What's New in Web Application Proxy in Windows Server Technical Preview. The latest version of Web Application Proxy focuses on new features that enable publishing and preauthentication for more applications and improved user experience. Check out the full list of new features that includes preauthentication for rich client apps such as Exchange ActiveSync and wildcard domains for easier publishing of SharePoint apps.
  • What's new in the Windows console. The underlying console host (Conhost.exe) has been updated in several ways, adding new and different functionality to the Windows command prompt, the Windows PowerShell prompt, and any other character-mode applications. For details, see What's New in the Windows Console in Windows Server 2016 Technical Preview and Console Improvements in the Windows 10 Technical Preview , but you should take note of these important changes:
    • The new console functionality is enabled by default. If an existing application doesn't work properly with the new console, you can select Use legacy console on the Options tab and then restart your application. You can also control individual aspects of the new functionality with registry keys; see details at the linked topics.
    • Console windows can be resized dynamically with the mouse. This could cause issues with some console applications.
    • Quick Edit mode is enabled by default. If this conflicts with your application, you can disable it on the Options tab.
    • There are new keyboard shortcuts for copy, paste, and history navigation. If these conflict with your application, you can disable them on the Options tab (look for Enable CTRL key shortcuts and Extended test selection keys).
    • The default font type for new console windows is TrueType. You can still use raster fonts, but they won't scale properly on some displays.
    • Text wraps and reflows by default when you resize a window. If necessary, you can disable this on the Layouts tab.
    • In some cases, after upgrade installation, fonts in the console window might be very small. To adjust this, use the Fonts tab.
  • What’s New in Windows PowerShell 5.0. Windows PowerShell 5.0 includes significant new features—including support for developing with classes, and new security features—that extend its use, improve its usability, and allow you to control and manage Windows-based environments more easily and comprehensively. Multiple new features in Windows PowerShell Desired State Configuration (DSC) are also described in this topic.
  • What's New in Networking in Windows Server Technical Preview. The majority of what you’ll find for networking is new in TP3. We bring a scalable network controller for programming policies, an L4 load balancer for high availability and performance, enhanced gateways for hybrid connectivity, and an underlying network fabric that converges RDMA traffic together with tenant traffic, DNS policies that control how your DNS servers respond to incoming requests, and better integration of DNS and IPAM.
    (Reference: https://technet.microsoft.com/en-us/library/dn765472.aspx)

  •  

    Test Download can be found here:

    https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-technical-preview

    The full announcement can be found here:

    http://blogs.technet.com/b/server-cloud/archive/2015/11/19/make-innovation-easier-with-windows-server-2016-and-system-center-2016-technical-preview-4.aspx

    Sunday, November 22, 2015

    Windows 10 Versioning

    Introducing with Windows 10 Build 10586 Microsoft introduced a new versioning scheme.

    Internal code name was Threshold 2. To be able to make a difference between the builds easily (beside from internal branch builds and Insider Builds) you can check the version with winver.exe



    With the new Windows as a service methodology there is a new need to differentiate the builds.

    Version is now written as last 2-digit release year and last 2-digit release month. In this case 1511 is equal to 2015 November.

    MS-Labrats went online

    Hi all,

    Time goes by and finally I decided to start with this blog to share my thoughts and learnings around MS Infra stuff.

    I worked years ago as a Microsoft Lab Engineer (as a vendor in German Labs). That's why I think the name comes close to it. I am German but decided to write this blog in English to make the findings available for more people on the planet. So please excuse my non-native English.

    To make a long story short. I love Windows and work in the Windows Space. Still very close with Microsoft. And I am happy to share all the stuff I am allowed to share.

    This is also a help to remind myself on all the cool stuff I see along the days.

    So stay tuned!