Translate

Tuesday, December 18, 2018

Remote control during WinPE - Guest Article

Sometimes its useful to have during WinPE something like remote control. In Win7 I did this with VNC server running in WinPE. But there is even a nicer MS way to do it. This article here refers to a guest article (outside of Microsoft) contributing its own PowerShell code. The code is not from me so no warranty on it!

Thanks to Dan Padgett for making it and thanks to Björn making me aware of it!


So here the link to the guest article:
https://execmgr.net/2016/02/02/dart-remote-control-winpe-the-nice-way/

Extend and read Windows Update Log

Sometimes something went wrong during Windows Updates. So it would be helpful to know what's  going wrong. Therefore we have the Windows Update Log. But where is it, how to read and how to extend to get even more out of it.

Beware - in Windows 10 the Windows Update logfile is by default in ETL format! 

This is an internal logging format from Microsoft. To "translate" it in to human readable format you need to to convert it. This is fortunatelly very simple.

1. Open Powershell
2. Type in: Get-WindowsUpdateLog (and press Enter)
3. Last line will tell you where the WindowsUpdate.log file was written.


How to enable extended logging
Microsoft Product Support Services may ask you to turn on verbose logging. To turn on verbose logging, add the following registry key with two values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Trace
Value name: Flags
Value type: REG_DWORD
Value data: 00000007

Value name: Level
Value type: REG_DWORD
Value data: 00000004
This registry key turns on an extended tracing to the %systemroot%\Windowsupdate.log file. Additionally, this registry key turns on an extended tracing to any attached debuggers.  


How to read and understand the log

You will find a comprehensive article on this here:
https://support.microsoft.com/en-us/help/902093/how-to-read-the-windowsupdate-log-file

Windows Defender Antivirus Exclusions

As every Antivirus solution also MS had some exclusions for files not being scanned. This is mainly for performance but also for operational reasons. E.g. you have a VHD file from a VM. The VM Guest itself is already scanning itself. So no need for the host to scan an VHD file. But there a still others. Here you get a comprehensive updated list for exclusions from field MS support engineers.

Especially SCCM, SQL and IIS workloads need additional exclusions for operational reasons!



The recommendations for each section are separated between "Operational" and "Performance" levels.  Operational recommendations are highly encouraged to be added to your exclusions list.  Performance recommendations should only be considered if you are experiencing such issues that may be a result of your antivirus product.
The following information will cover what could be recommended for your environment.
Details on the variables referenced:
  1. <InstallDrive> can be multiple drives in some environments, so it is best to use a wildcard if possible for the antivirus solution you have deployed throughout your environment.  Please refer to your vendor’s documentation for further instructions.
  2.  <InstanceName> is the name of the SQL instance you are using in your environment.  Please be aware if you use any named SQL instances or the default, "MSSQLServer".
  3.  <SQL Version> is the version of SQL you are using in your environment.  This may also differ between each SQL service referenced between versions SQL Server 2005-2008 R2 and SQL Server 2012+.  Please be aware of what version you have installed.  309422 and the article below can provide you with more details.
How to determine the version, edition and update level of SQL Server and its components
Core Exclusions for Supported Versions of Windows
  • Operational
    • %allusersprofile%\NTUser.pol
    • %windir%\Security\Database\*.chk
    • %windir%\Security\Database\*.cmtx
    • %windir%\Security\Database\*.csv
    • %windir%\Security\Database\*.edb
    • %windir%\Security\Database\*.jrs
    • %windir%\Security\Database\*.log
    • %windir%\Security\Database\*.sdb
    • %windir%\Security\Database\*.xml
    • %windir%\SoftwareDistribution\Datastore\Datastore.edb
    • %windir%\SoftwareDistribution\Datastore\Logs\edb.chk
    • %windir%\SoftwareDistribution\Datastore\Logs\edb*.jrs
    • %windir%\SoftwareDistribution\Datastore\Logs\edb*.log
    • %windir%\SoftwareDistribution\Datastore\Logs\tmp.edb
    • %windir%\System32\GroupPolicy\Machine\Registry.pol
    • %windir%\System32\GroupPolicy\User\Registry.pol
Reference: 822158
ConfigMgr Core Installation Exclusions (All Versions)
  • Operational
    • <InstallDrive>\Program Files\Microsoft Configuration Manager\Inboxes\*.*
    • <InstallDrive>\Program Files\Microsoft Configuration Manager\Install.map
    • <InstallDrive>\Program Files\Microsoft Configuration Manager\Logs
    • <InstallDrive>\Program Files\SMS_CCM\Logs
    • <InstallDrive>\Program Files\SMS_CCM\ServiceData
References: 327453, SCCM 2012 Antivirus Exclusions
ConfigMgr Core Installation Exclusions (Current Branch Versions)
  • Applicable to 1511+
    • Operational
      • <InstallDrive>\Program Files\Microsoft Configuration Manager\cd.latest
      • <InstallDrive>\Program Files\Microsoft Configuration Manager\EasySetupPayload
    • Performance
      • <InstallDrive>\Program Files\Microsoft Configuration Manager\AdminUIContentPayload
      • <InstallDrive>\Program Files\Microsoft Configuration Manager\AdminUIContentStaging
      • <InstallDrive>\Program Files\Microsoft Configuration Manager\CMUStaging
  • Applicable to 1602+
    • Performance
      • <InstallDrive>\Program Files\Microsoft Configuration Manager\CMUClient
  • Applicable to 1610+
    • Performance
      • <InstallDrive>\Program Files\Microsoft Configuration Manager\PilotingUpgrade
      • <InstallDrive>\Program Files\Microsoft Configuration Manager\RLAStaging
  • Applicable to 1702+
    • Performance
      • <InstallDrive>\Program Files\Microsoft Configuration Manager\CMProviderLog
Reference: 327453
ConfigMgr Content Library Exclusions
  • Operational
    • <InstallDrive>\SMS_DP$
    • <InstallDrive>\SMSPKG<DriveLetter>$
    • <InstallDrive>\SMSPKG
    • <InstallDrive>\SMSPKGC$
    • <InstallDrive>\SMSPKGSIG
    • <InstallDrive>\SMSSIG$
  • Performance
    • <InstallDrive>\SCCMContentLib
    • <InstallDrive>\<ConfigMgr Backup Directory>
      • Ex. D:\SCCMBackup
    • <InstallDrive>\<ConfigMgr Package Source Files>
      • Ex. D:\SCCMSource
Reference: 327453
ConfigMgr Imaging Exclusions
  • Operational
    • <InstallDrive>\ConfigMgr_OfflineImageServicing
    • %windir%\TEMP\BootImages
  • Performance
    • %SystemDrive%\_SMSTaskSequence
Reference: SCCM 2012 Antivirus Exclusions
ConfigMgr Process Exclusions
NOTE***Process Exclusions are necessary only when aggressive antivirus programs consider System Center Configuration Manager executables (.exe) to be high risk processes.
  • Operational
    • Client Side
      • %windir%\CCM\Ccmexec.exe
      • %windir%\CCM\CmRcService.exe
      •  %windir%\CCM\Ccmrepair.exe
      • %windir%\CCM\Ccmsetup.exe
    • Server Side
      • %windir%\CCM\Ccmexec.exe
      • %windir%\SMS_CCM\Ccmexec.exe
      • <InstallDrive>\Program Files\Microsoft Configuration Manager\bin\x64\Cmupdate.exe
      • <InstallDrive>\Program Files\Microsoft Configuration Manager\bin\x64\Sitecomp.exe
      • <InstallDrive>\Program Files\Microsoft Configuration Manager\bin\x64\Smsexec.exe
      • <InstallDrive>\Program Files\Microsoft Configuration Manager\bin\x64\Smssqlbbkup.exe
      • <InstallDrive>\Program Files\Microsoft Configuration Manager\bin\x64\Smswriter.exe
      • <InstallDrive>\SMS_<SQLFQDN>\bin\x64\Smssqlbbkup.exe
Reference: 327453
ConfigMgr Client Exclusions
  • Operational
    • %windir%\CCM\*.sdf
    • %windir%\CCM\Logs
    • %windir%\CCM\ServiceData
    • %windir%\CCMCache
    • %windir%\CCMSetup
Reference: 327453
SQL Server Exclusions
  • Operational
    • SQL Server Process Exclusions
      • SQLServr.exe
        • <InstallDrive>\Program Files\Microsoft SQL Server\<SQL Version><InstanceName>\MSSQL\Binn\SQLServr.exe
      • ReportingServicesService.exe
        • <InstallDrive>\Program Files\Microsoft SQL Server\<SQL Version>.<InstanceName>\Reporting Services\ReportServer\Bin\ReportingServicesService.exe
      • MSMDSrv.exe
        • <InstallDrive>\Program Files\Microsoft SQL Server\<SQL Version>.<InstanceName>\OLAP\Bin\MSMDSrv.exe
    • SQL Server data files
      • *.mdf
      • *.ldf
      • *.ndf
    • SQL Server backup files
      • *.bak
      • *.trn
    • SQL Audit files
      • *.sqlaudit
    • SQL Query files
      • *.sql
    • SQL Trace Files
      • *.trc
    • Analysis Services data files
      • <InstallDrive>\Program Files\Microsoft SQL Server\<SQL Version>.<InstanceName>\OLAP\Backup
      • <InstallDrive>\Program Files\Microsoft SQL Server\<SQL Version>.<InstanceName>\OLAP\Data
      • <InstallDrive>\Program Files\Microsoft SQL Server\<SQL Version>.<InstanceName>\OLAP\Log
    • Full-Text catalog files
      • <InstallDrive>\Program Files\Microsoft SQL Server\<SQL Version>.<InstanceName>\MSSQL\FTData
    • Reporting Services Files
      • <InstallDrive>\Program Files\Microsoft SQL Server\<SQL Version>.<InstanceName>\Reporting Services\LogFiles
      • <InstallDrive>\Program Files\Microsoft SQL Server\<SQL Version>.<InstanceName>\Reporting Services\RSTempFiles
    • Replication Files
      • <InstallDrive>\Program Files (x86)\Microsoft SQL Server\<SQL Version>\COM
      • <InstallDrive>\Program Files\Microsoft SQL Server\<SQL Version>\COM
    • Replication Snapshot Files
      • <InstallDrive>\Program Files\Microsoft SQL Server\<SQL Version>.<InstanceName>\MSSQL\ReplData
      • These files typically have file name extensions of the following:
        • *.sch
        • *.idx
        • *.bcp
        • *.pre
        • *.cft
        • *.dri
        • *.trg
        • *.prc
    • Checkpoint and delta files
      • No specific file extension for the files
      • Files are present under the folder structure identified by the container of type FILE_STREAM from sys.database_files
    • DBCC CHECKDB Files
      • Files will be of the format <Database_data_filename.extension>_MSSQL_DBCC<database_id_of_snapshot>
      • For more information, see the following article:
        • 2974455 DBCC CHECKDB behavior when the SQL Server database is located on an ReFS volume
    • Exception Dump Files
      • *.mdmp
    • Extended Event Files
      • *.xel
      • *.xem
    • Filestream data files
      • SQL 2008 and later versions
    • In-memory OLTP Files
      • Present in a xtp sub-folder under the DATA directory for the instance
      • File formats include the following:
        • xtp_<t/p>_<dbid>_<objid>.c
        • xtp_<t/p>_<dbid>_<objid>.dll
        • xtp_<t/p>_<dbid>_<objid>.obj
        • xtp_<t/p>_<dbid>_<objid>.out
        • xtp_<t/p>_<dbid>_<objid>.pdb
        • xtp_<t/p>_<dbid>_<objid>.xml
    • Remote Blob Storage files
      • SQL 2008 and later versions
    • Windows Failover Clustering (If applicable)
      • <Quorum Drive> (Ex. Q:\)
      • %windir%\Cluster
      • MSDTC directory in the MSDTC drive
References: 309422250355, 2974455 
IIS Exclusions
  • Operational
    • IIS Compressed Files
      • IIS 6.0:
        • %SystemRoot%\IIS Temporary Compressed Files
      • IIS 7.0+:
        • %SystemDrive%\inetpub\temp\IIS Temporary Compressed Files
    • IIS Worker Process
      • %windir%\System32\inetsrv\w3wp.exe
      • %windir%\SysWOW64\inetsrv\w3wp.exe
Reference: 817442
WSUS Exclusions
  • Operational
    • %SystemRoot%\SoftwareDistribution\Datastore
    • %SystemRoot%\SoftwareDistribution\Download
    • %ProgramFiles%\Update Services\LogFiles\WSUSTemp
    • <InstallDrive>\WSUS\UpdateServiceDBFiles
    • <InstallDrive>\WSUS\WSUSContent

Thursday, November 29, 2018

Servicing Stack Update - what it is and when you need it!

From time to time it is necessary to fix the Windows Setup itself. This is the so called "Component Base Setup" CBS. This you will also find the setup logs. For several reasons it might be necessary to do an update!


Here you will find the latest Servicing Stack Updates:

(Sometimes they have even something to do with security fixes.)
 
You will find this also in my "Important Links" list.


So what is it in detail?

The "servicing stack" is the code that installs other operating system updates. Additionally, it contains the "component-based servicing stack" (CBS), which is a key underlying component for several elements of Windows deployment, such as DISM, SFC, changing Windows features or roles, and repairing components. The CBS is a small component that typically does not have updates released every month.

For more information please refer to:

When and how to apply?

Best is to add it via DISM right after applying the image in a Task Sequence in SCCM. So you ensure it is already updated before Windows Setup starts its tasks. e.g. with this command during an task sequence where your are still offline but C:\Windows exists due to the fact that you applied the image first and then you run this command in a SCCM package:

dism /Image:C:\ /Add-Package /PackagePath=windows10.0-kb00001-x64.msu /LogPath=C:\Windows\logs\dism-add-stackservicingpackage.log
Write them in one line! Word wrapping is just for better readability in my blog!

The missing path to the MSU file is by purpose. The command always get executed in the same directory as the command is invoked by the Task sequence SCCM package. 

Also image directory in offline mode (Windows PE) is C:\



You have also the option to mount the Vanila WIM Image (it is important that is is NOT a built and capture image for upgrade scenarios!) and add the servicing stack update directly there. So it becomes out of the box part of the WIM file.

But keep in mind if you are using the WIM image for Windows 10 inplace upgrade (7 to 10 or 10 old to 10 newer) then your are only allowed to do a very limited set of image modifications. Built and capture is absolutelly forbidden in this scenario.

You can add the following to the WIM used for upgrades:



1. Latest servicing stack update (for your particular Windows version!)1. Latest cummulative update (for your particular Windows version!)
2. Latest cumulative update (for your particular Windows version!)
3. Additional feature on demand packages (keep in mind you need to look for the right Feature on demand DVD that fits to this version of windows!)
4. Language packs (also need to fit to the right version of Windows!)

NEVER mix up versions!

Kudos to Manuel for sending me the link of the repo! ;-)

Thursday, November 22, 2018

Network connection from public to private with Powershell

Sometimes the Windows 10 network connection will be classified automatically as public or private and it is not in the way as it should be. As this will affect firewall rules you sometimes get by a domain group policy. The effect is that your software cant communicate anymore when this was done wrong.

How to fix this?

Very simple with PowerShell!

1. Open an Admin PowerShell Command Prompt.
2. Type in: Get-NetConnectionProfile
3. Check the name from your network connection. Keep in mind when you have Security features like credential guard and/or HyperV enabled you will see more "Unidentified networks". You can safely ignore them. Here in my example the network is called "CAP".
4. Type in: Set-NetConnectionProfile -Name "CAP" -NetworkCategory Private

Your setting will be active immediately!





Wednesday, November 21, 2018

Azure AD - DSRegCMD output checked in Powershell

Sometimes you have to deal with DSREGCMD Output.

Means the interesting output of DSREGCMD need to be further analyzed in PowerShell.

Here a useful example I found. 

Keep in mind the array (@) is just containing 4 examples.
May be you need to extend it for further. 





$template = @'
        AzureAdJoined : {AzureAdJoined*:YES}
     EnterpriseJoined : {EnterpriseJoined:NO}
        AzureAdJoined : {AzureAdJoined*:NO}
     EnterpriseJoined : {EnterpriseJoined:YES}
        AzureAdJoined : {AzureAdJoined*:NO}
     EnterpriseJoined : {EnterpriseJoined:NO}

        AzureAdJoined : {AzureAdJoined*:YES}
     EnterpriseJoined : {EnterpriseJoined:YES}
'@


PS C:\> dsregcmd /status | ConvertFrom-String -TemplateContent $template


AzureAdJoined EnterpriseJoined
------------- ----------------
NO            NO

Tuesday, November 20, 2018

Windows 10 - 1809 whats new

Windows 10 - Version 1809
Build 10.0.17763.1

Start

  • Start now supports the always visible scrollbar setting
  • Folders can now be named

Cortana + search

  • Search now supports previews from apps, documents and other media
  • Search will now show a wider UI by default
  • Search will now show your recent activities
  • File location, last modified and author metadata is now shown in search results
  • When searching for downloads of Windows software, start can now directly link the download button
  • Design improvements to the home screen when Cortana isn't enabled or supported

Taskbar + Action center

  • Notifications in the Action center will now fade in when opening the Action center
  • The blurry app-toasts will now be dismissed to the Action center instead of disappearing completely
  • The brightness Quick Action has been removed from the battery fly-out
  • Timeline will now blur the background with acrylic
  • Screen snip has been added as a new quick action
  • The "Start" tooltip has been added when hovering over the start button
  • Edge tabs will now be shown as individual windows in Task View

User Interface

  • Any type of activity can now be restored instead of only documents
  • Inbox text controls now use the CommandBarFlyout control allowing you to cut, copy and paste with touch, and to bolden, italicize, etc. fonts in rich text surfaces with new animations and more Fluent Design
  • The Ease of Access flyout on the login screen has been updated to show Narrator with an on/off-toggle
  • Dropdowns will now have a drop shadow
  • Task View no longer has an acrylic background
  • The embedded handwriting panel is now enabled by default

File Explorer

  • HEIF files can now be rotated in File Explorer
  • Metadata for HEIF files can now be edited
  • The File-button will now follow your accent color
  • File Explorer now supports the dark theme
  • "Open Linux Shell here" has been added to the context menu in explorer
  • The dark theme for File Explorer has been updated to use a lighter grey for the content area and the Ribbon's tab bar
  • The "Sorting by file size" size requirements have been updated: Tiny, Small, Medium, Large, Huge and Gigantic are now defined as 0 – 16KB, 16KB – 1MB, 1 MB to 128 MB, 128 MB – 1 GB, 1 GB – 4 GB, and > 4 GB
  • Updated "Remove access" and "Advanced security" icon

Microsoft Edge 18

Edge

  • The Books-section in the Hub now supports pull-to-refresh
  • Books pinned to the Start screen will now show a live tile that cycles through the cover and your progress
  • Support for same-site cookies has been added
  • The ellipses menu will now show icons for every item
  • New tab, Reading list, Books, History and Downloads have been added to the ellipses menu
  • The jumplist for Edge will now show your top sites
  • Right-clicking on a folder now allows you to "Show in folder" and "Copy link"
  • Hovering over the sound-icon in a tab playing sound will now result in the icon lighting up
  • Pressing F1 will now bring you to Microsoft Edge support instead of Microsoft Edge tips
  • Edge now has a beta-icon in Insider Previews
  • Shadows have been added to the address bar and tabs
  • The ellipses menu has been reordered with icons for its options
  • You can now hide Hub, Notes and Share icons in the Edge address bar
  • You can now show the Reading list, Books, History and Downloads icons in the Edge address bar
  • Edge settings have been reorganized into 4 categories, with a design similar to the Hub
  • Under ... > Settings > Advanced, you can now control how media should start playing
  • PDF-files now have an icon with a red ribbon and no Edge logo
  • You can now mute a tab even if it isn't playing audio yet
  • Book data can no longer be exported
  • The permission dialogs have been updated with a new design and strings
  • The Hub now has a smaller design matching the look of the new Settings panel
  • The highlighted reading list item has now its design from pre-1803 again
  • AutoPlay permissions can now be controlled for each site individually
  • Keyboard shortcuts have been added to the ellipses menu
  • You can now select and copy certificate details
  • A set of new Group Policies and MDM settings for IT administrators has been added
  • XSS Filter has been removed
  • Support for assigned access (kiosk mode) has been added
  • Books can now be shared from their context menu in the Hub
  • Improvements related to HTTP/2 and CUBIC support

PDF + EPUB

  • Printing PDFs now allows you to choose the scale of the print
  • Local files like PDFs will now appear in your browser history
  • Reading tools now has an extended set of themes
  • Highlighting now supports one, three or five lines
  • The PDF toolbar will now appear when your cursor comes near the top of the window
  • Some of the buttons in the PDF toolbar now have text
  • You can now look up definitions for words
  • The PDF toolbar can now be pinned to remain visible
  • Improved rendering performance for PDFs
  • Opening PDFs in Edge is now also remembered as an activity in Timeline

EdgeHTML

  • Support for .setDragItem has been added
  • relList is now supported on anchor elements
  • CSS3 Overflow wrap now works with overflow-wrap
  • CSS overscroll-behavior is now supported
  • Support for CSS Masks has been implemented partially
  • The srcdoc attribute is now supported for iframes
  • The Web Authentication API is now supported
  • The WebDriver implementation has been updated to match the Recommendation specification

about:flags

  • "Enable CSS Masking" is now enabled by default
  • "Enable CSS background-blend-mode property" has been added as a flag

Settings

System

  • Screen snip has been added as a new option to enable a quick action in Action center
  • Focus Assist will now disable all notifications when any game is playing full screen by default with "When I'm playing a game" added as a new option
  • "Free up space now" will no longer allow you to remove the previous Windows version
  • The previous Windows version can now be removed from "Change how we free up space automatically" by enabling "Delete previous versions of Windows" and clicking "Clean now"
  • You can now disable Edge tabs showing as individual tabs in Alt + Tab
  • Clipboard has been added as a new page and allows you to enable saving multiple items on the clipboard instead of just 1 and to sync the clipboard across devices
  • Under "Change how we free up space automatically" a new setting has been added to make files in Files On-Demand online-only after not using them for a while
  • You can now set clipboard to sync everything automatically or require you to choose what to sync
  • Windows HD Color has been added as a subpage under Display if you have an HDR-enabled display

Devices

  • Bluetoothdevices will now show their battery level
  • Clicking once on the pen tail button can now be set to make a screen snippet
  • You can now set the Print Screen button to make a screen snippet instead of a print screen
  • You can now name your audio device and set the preferred spatial audio format
  • You can now set your pen to behave like a mouse instead of scrolling and panning
  • When a Bluetooth device is low on battery power, you will get a notification
  • Typing insights has been added under "Typing" showing you statistics about how often Windows autocorrected spelling mistakes, predictions of the next word, word suggestions and the number of words typed by using gestures

Network & Internet

  • "Data usage" now shows how much data you've used while roaming

Apps

  • WebDriver has been added as a Feature on Demand
  • "Adjust video based on lighting" has been improved for devices with a light censor

Accounts

  • Setting up a new kiosk has been improved
  • Kiosk accounts can now sign in when a device starts

Time & language

  • The Language & Region page has been split into a Language and Region page
  • Region now allows you to overwrite the regional format settings that comes with the region set by the user
  • The calendar localization, first day of the week, short date and long date notation, short time and long time notation and currency can now be changed from Region
  • A link to the Microsoft Store has been added to Language to allow you to download Local Experience Packs
  • Improved performance when loading the Language settings page

Gaming

  • The Game DVR page has been renamed to Captures

Ease of Access

  • You can now keep the mouse centered on the screen in full-screen mode in Magnifier
  • 5% and 10% are added as new zoom increments
  • You can now make text bigger under "Display" with the "Make everything bigger" setting
  • Narrator's default keyboard layout has been updated
  • Dialog boxes are now automatically dictated by Narrator
  • Narrator can now search for text with Find
  • Narrator can now list links, headings and landmarks in applications or content
  • Results for landmarks can now be narrowed by typing in the list or the text field of the window
  • Pressing down in Scan Mode will now stop when the item is an interactive element
  • Starting Narrator will now trigger a Narrator Quickstart dialog
  • The Narrator Standard Keyboard now have the scan mode secondary action command and Spell current selection command

Cortana & Search

  • "Cortana" has been renamed "Cortana & Search"

Privacy

  • The "Speech, Inking & typing" page has been split into "Speech" and "Inking & typing"

Update & Security

  • Delivery Optimization Settings have been moved to be its own page in Update & Security
  • Windows is now better at predicting if you have left your PC for a long time before a restart is triggered to update
  • When an update is ready to install, Insiders will now see similar prompts like retail

Mixed Reality

  • Under "Audio", a setting has been added to mirror headset audio to desktop

General

  • Settings will now show FAQ's in the sidebar for English markets
  • Settings will now show tips on its home screen
  • New keywords have been added to better find settings

Ink Workspace

  • Screen Sketch has been split off to be a standalone app (similar to Stickies)

Gaming

  • When recording a game clip, the audio should now be of a higher quality

System

  • The networking stack has been revamped with the Net Adapter Framework
  • A clean install will now show an option to enable activity history sync
  • The Windows Security Center service now requires antivirus products to use a protected process to register
  • Support for IPv6 has been added to KDNET
  • The MBB USB NetDriver is now the default driver
  • Fonts can now be installed for the current user without admin permissions
  • The post-update experience may now show a screen asking you to configure new settings that might have been added since you device was set up
  • DTS:X has been added to the list of spatial audio technologies that can be used
  • Windows Hello is now supported for remote sessions with Azure Active Directory and Active Directory
  • Support for Web Sign-in has been added to Windows for ADFS and other profiders that support the WS-Fed protocol
  • Shared Windows PCs now support "Fast Sign-in"
  • Support for Unicode 11, including 157 new emoji, has been added as wel as updates to older emoji
  • Support for leap seconds has been added
  • Support for the Precision Time Protocol has been added
  • Software Timestamping has been added to eliminate the software delay caused by the Windows networking stack

Accessibility

  • Scan mode in Narrator now supports selecting content on most text surfaces
  • Narrator has a number of reliability improvements
  • Scan Mode has been improved with better reading and navigation
  • Feedback can now be send with the Narrator + Alt + F keystroke
  • The view type mode will now be called out reliably
  • Move to beginning of text now works with Narrator + B, Move to end of text now is Narrator + E

Language and input

  • When people emojis are in view, the skin colors will now be shown in a row instead of as a button
  • The handwriting panel now show the delete button in the top level menu, switching languages can now be done from the ellipses menu
  • Languages will now show which language is used as the default app language
  • SwiftKey is now used for English (United States), English (United Kingdom), French (France), German (Germany), Italian (Italy), Spanish (Spain), Portuguese (Brazil), or Russian
  • The clipboard button is now always visible in the on-screen keyboard's candidate pane
  • English (Australia) now upports shape writing
  • The emoji panel search function has been updated to support the Emoji 11.0 set

Input Method Editor

  • The IME toolbar has been redesigned to support the dark theme and more
  • The IMEs taskbar icon now has an extended context menu
  • The emoji panel now also works within the IME

Apps

Control Panel

  • Settings to manipulate the screen brightness have been removed

Diagnostic Data Viewer

  • Problem Reports has been added to the Data Viewer
  • The UI of the Diagnostic Data Viewer has been improved with a better search bar

Game bar

  • Game bar has now been added to the start menu
  • Game bar has been updated with audio controls to change the output device, mute the volume or adjust the volume for running apps and games
  • Game bar now shows framerates, CPU usage, GPU VRAM usage and system RAM usage
  • "Dedicate resources" has been added as a new option to Game bar

Internet Explorer 11

  • Support for same-site cookies has been added

Mixed Reality Portal

  • Sound can now be streamed to both the headset and PC
  • Some errors have been made clearer

Notepad

  • Notepad now supports UNIX line endings and Macintosh line endings
  • You can now search your selecting with Bing by pressing Ctrl + B or navigating to "Search with Bing..."
  • Support for wrap-around find and replace has been added
  • You can now zoom in and out
  • Line and column numbers are now supported when word-wrap is enabled
  • Improved performance when opening large files
  • Ctrl + Backspace is now supported to delete the previous word
  • Arrow keys now unselect text first and then move the cursor as you would expect
  • The line an column number will no longer reset upon saving a file
  • Notepad will now render lines that don't fit entirely on the screen correctly

Registry Editor

  • The address bar can now suggest paths

Screen Sketch

  • Screen Sketch has been added as a default app
  • Rectangular snipping is now the default snipping tool instead of full screen
  • Win + Shift + S will now show the snipping toolbar
  • Making a screenshot with Win + Shift + S will now trigger a notification to open Screen Sketch
  • The Screen Sketch toolbar will now follow the user theme

Snipping Tool

  • Snipping Tool will now show a message asking you to try Screen Sketch

Task Manager

  • The leaf-icon now has a tooltip
  • Suspended UWP apps will no longer show memory used by the app to reflect OS behavior
  • Both old and new memory columns can be enabled in details
  • The "Power usage" and "Power usage trend" columns have been added to "Processes"

Windows Mixed Reality

  • When using an Immersive Application you'll now have access to Quick Actions to go home, launch the capture tools, etc.
  • Flashlight can now be used to open a "portal" to view the real world with the camera

Windows Security

  • Windows Defender Security Center has been renamed Windows Security
  • Windows Security will now show threats more clearly
  • The rail now has an acrylic background
  • The options on the start page now scale according to the window width, similar to Settings
  • "Current threats" has been improved to show all threats that require an action
  • "Virus & threat protection now shows a list of recently blocked apps
  • IF the time-syncing service is disabled and the device's time is not synced with the time on Microsoft's servers, the "Device performance & health" page will show an option to turn syncing back on
  • "Security providers" has been added to Settings to view all your antivirus, firewall and web protections
  • Standalone users no longer need to change Registry key settings to configure Windows Defender Application Guard
  • Accounts managed by enterprise policies can now see how their device is configured for Windows Defender Application Guard

Windows Subsystem for Linux

  • You can now copy and paste with Ctrl + Shift + C and Ctrl + Shift + V

Windows Mail

  • Links will now always open in Microsoft Edge

Other features

  • Microsoft WebDriver has been added as a Feature on Demand
  • Windows Defender Firewall now supports Windows Subsystem for Linux Processes
  • Windows will now sync your clipboard across devices
  • Win + V will now open the clipboard
  • A wireless projection will now show a control banner at the top of the screen
  • The Remote Server Administration Tools are now part of Feature-on-Demand
  • When an app needs access to your microphone but it is not allowed so by the privacy settings, a notification will be shown
  • Mixed Reality no longer requires a monitor to be connected when running
  • The Camera Capture UI API is now available to apps in Mixed Reality
  • Improved video capture experience in Mixed Reality
  • When clipboard history is not enabled, you'll now be able to enable it from Win + V
  • You can now clean your clipboard history with the "Clear all" button

And further

  • After an upgrade, Windows might ask you to go over some setup settings that you may have missed due to features not being available during setup
  • The People flyout has been updated to use the new Microsoft Store icon
  • Improved scaling logic for apps when the screen DPI changes
  • Your Phone is now pinned to your desktop
  • Improves the amount of CPU cdpusersvc uses
Known issues
  • Task Manager is not reporting accurate CPU usage.
  • Arrows to expand “Background processes” in Task Manager are blinking constantly and weirdly.


Friday, November 16, 2018

SCCM Driver handling by model

All the time you have to add driver packages to the task sequence in SystemCenter Configuration Manager (SCCM). Therfore it is simple to use the builtin TS variable called "Model".

But to compare this you will need the correct model string to compare from your system.

Use the WMI Console command to get this very easy.
1. Start WMIC in admin window
2. type in: Computersystem get model

And below Model you will see exactly the string you need for the task sequence variable you need to compare with.


And here is exactly the place you can use this:


Thursday, June 28, 2018

SCCM Deployment Logging Variables

Sometimes its helpful to have SMSTS.LOG for debugging issues in SCCM OSD Deployments. But this log is very long and even with cmtrace logviewer anoying to read. 



You are looking probably for some very specific informations stored in variables.

Here is a comprehensive list of variables:

The following list describes the built-in variables that are available in Configuration Manager:
Built-in Variable NameDescription
_OSDDetectedWinDirThe task sequence scans the computer's hard drives for a previous operating system installation when Windows PE starts. The Windows folder location is stored in this variable. You can configure your task sequence to retrieve this value from the environment and use it to specify the same Windows folder location to use for the new operating system installation.
_OSDDetectedWinDriveThe task sequence scans the computer's hard drives for a previous operating system installation when Windows PE starts. The hard drive location for where the operating system is installed is stored in this variable. You can configure your task sequence to retrieve this value from the environment and use it to specify the same hard drive location to use for the new operating system.
_SMSTSAdvertIDStores the current running task sequence deployment unique ID. It uses the same format as a Configuration Manager software distribution deployment ID. If the task sequence is running from stand-alone media, this variable is undefined.

Example:

ABC20001
_TSAppInstallStatusThe task sequence sets the _TSAppInstallStatus variable with the installation status for the application during the Install Application step. The task sequence sets the variable with one of the following values:

1. Undefined: The Install Application step has not run.
2. Error: At least one application failed because of an error during the Install Application step.
3. Warning: No errors occur during the Install Application step. One or more applications, or a required dependency, did not install because a requirement was not met.
4. Success: There are no errors or warnings detected during the Install Application step.
_SMSTSBootImageIDIf the current running task sequence references a boot image package, this variable stores the boot image package ID. If the task sequence does not reference a boot image package, this variable is not set.

Example:

ABC00001
_SMSTSBootUEFIThe task sequence sets the SMSTSBootUEFI variable when it detects a computer that is in UEFI mode.
_SMSTSClientGUIDStores the value of Configuration Manager client GUID. This variable is not set if the task sequence is running from stand-alone media.

Example:

0a1a9a4b-fc56-44f6-b7cd-c3f8ee37c04c
_SMSTSCurrentActionNameSpecifies the name of the currently running task sequence step. This variable is set before the task sequence manager runs each individual step.

Example:

run command line
_SMSTSDownloadOnDemandIf the current task sequence is running in download-on-demand mode, this variable is true. Download-on-demand mode means the task sequence manager downloads content locally only when it must access the content.
_SMSTSInWinPEWhen the current task sequence step is running in Windows PE, this variable is true. Test this task sequence variable to determine the current operating system environment.
_SMSTSLastActionRetCodeStores the return code that was returned by the last action that was run. This variable can be used as a condition to determine if the next step is run.

Example:

0
_SMSTSLastActionSucceededIf the last step succeeded, this variable is true. If the last step failed, it is false. If the task sequence skipped the last action, because the step is disabled or the associated condition evaluated to false, this variable is not reset. It still holds the value for the previous action.
_SMSTSLaunchModeSpecifies one of the following task sequence launch methods:

- SMS: the task sequence started from the Configuration Manager client
- UFD: the task sequence started from legacy USB media
- UFD+FORMAT: the task sequence started from newer USB media
- CD: the task sequence started from a CD
- DVD: the task sequence started from a DVD
- PXE: the task sequence started from PXE
- HD: the task sequence started from prestaged media on a hard disk
_SMSTSLogPathStores the full path of the log directory. Use this value to determine where actions are logged. This value is not set when a hard drive is not available.
_SMSTSMachineNameStores and specifies the computer name. Stores the name of the computer that the task sequence uses to log all status messages. To change the computer name in the new operating system, use the OSDComputerName variable.

Example:

ABC
_SMSTSMDataPathSpecifies the path defined by the SMSTSLocalDataDrive variable. When you define SMSTSLocalDataDrive before the task sequence starts, such as by setting a collection variable, Configuration Manager then defines the _SMSTSMDataPath variable once the Task Sequence starts.
_SMSTSMediaTypeSpecifies the type of media that is used to initiate the installation. Examples of types of media are Boot Media, Full Media, PXE, and Prestaged Media.
_SMSTSMPStores the URL or IP address of a Configuration Manager management point.
_SMSTSMPPortStores the management point port number of a Configuration Manager management point.

Example:

80
_SMSTSOrgNameStores the branding title name that the task sequence displays in the progress dialog.

Example:

XYZ Organization
_SMSTSOSUpgradeActionReturnCodeStores the exit code value that Windows Setup returns to indicate success or failure. This variable is set during the Upgrade Operating System task sequence step. This variable is useful with the /Compat command-line option.

Example:

On the completion of /Compat, take action in later steps depending on the failure or success exit code. On success, initiate the upgrade. Or, set a marker in the environment (for example, add a file or set a registry key) to collect with hardware inventory. Use this marker to create a collection of computers that are ready to upgrade, or that require action before upgrade.
_SMSTSPackageIDStores the current running task sequence ID. This ID uses the same format as a Configuration Manager software package ID.

Example:

HJT00001
_SMSTSPackageNameStores the current running task sequence name specified by the Configuration Manager administrator when the task sequence is created.

Example:

Deploy Windows 10 task sequence
_SMSTSSetupRollbackSpecifies whether the operating system Setup performed a rollback operation. The variable values can be true or false.
_SMSTSRunFromDPSet to true if the current task sequence is running in run-from-distribution-point mode, which means the task sequence manager obtains required package shares from distribution point.
_SMSTSSiteCodeStores the site code of the Configuration Manager site.

Example:

ABC
_SMSTSTypeSpecifies the type of the current running task sequence. It can have the following values:

1 - indicates a generic task sequence.

2 - indicates an operating system deployment task sequence.
_SMSTSTimezoneThe _SMSTSTimezone variable stores the time zone information in the following format (without spaces):

Bias, StandardBias, DaylightBias, StandardDate.wYear, wMonth, wDayOfWeek, wDay, wHour, wMinute, wSecond, wMilliseconds, DaylightDate.wYear, wMonth, wDayOfWeek, wDay, wHour, wMinute, wSecond, wMilliseconds, StandardName, DaylightName

Example:

For the Eastern Time U.S. and Canada, the value would be 300,0,-60,0,11,0,1,2,0,0,0,0,3,0,2,2,0,0,0,Eastern Standard Time,Eastern Daylight Time
_SMSTSUseCRLWhen the task sequence uses HTTPS to communicate with the management point, specifies whether it uses the certificate revocation list (CRL).
_SMSTSUserStartedSpecifies whether a task sequence is started by a user. This variable is set only if the task sequence is started from the Software Center. For example, if _SMSTSLaunchMode is set to SMS. The variable can have the following values:

- true - specifies that the task sequence is manually started by a user from the Software Center.
- false - specifies that the task sequence is initiated automatically by the Configuration Manager scheduler.
_SMSTSUseSSLSpecifies whether the task sequence uses SSL to communicate with the Configuration Manager management point. If your site is running in native mode, the value is set to true.
_SMSTSWTGSpecifies if the computer is running as a Windows To Go device.
OSDPreserveDriveLetterThis task sequence variable is deprecated. During an operating system deployment, by default, Windows Setup determines the best drive letter to use (typically C:).

Previous behavior: when applying an image, the OSDPreverveDriveLetter variable determines whether or not the task sequence uses the drive letter captured in the image file (.WIM). Set the value for this variable to False to use the location that you specify for the Destination setting in the Apply Operating System task sequence step. For more information, see Apply Operating System Image.
SMSTSAssignmentsDownloadIntervalThe number of seconds to wait before the client attempts to download the policy since the last attempt that returned no policies. By default, the client waits 0 seconds before retrying.

You can set this variable by using a prestart command from media or PXE.
SMSTSAssignmentsDownloadRetryThe number of times a client will attempt to download the policy after no policies are found on the first attempt. By default, the client retries 0 times.

You can set this variable by using a prestart command from media or PXE.
SMSTSAssignUsersModeSpecifies how a task sequence associates users with the destination computer. Set the variable to one of the following values:

- Auto: The task sequence creates a relationship between the specified users and destination computer when it deploys the operating system to the destination computer.
- Pending: The task sequence creates a relationship between the specified users and the destination computer. An administrator must approve the relationship to set it.
- Disabled: The task sequence does not associate users with the destination computer when it deploys the operating system.
SMSTSDownloadAbortCodeThis variable contains the abort code value for the external program downloader (specified in the SMSTSDownloadProgram variable). If the program returns an error code equal to the value of the SMSTSDownloadAbortCode variable, then the content download fails and no other download method is attempted.
SMSTSDownloadProgramUse this variable to specify an Alternate Content Provider, a downloader program that is used to download content instead of the default Configuration Manager downloader, for the task sequence. As part of the content download process, the task sequence checks the variable for a specified downloader program. If specified, the task sequence runs the program to perform the download.
SMSTSDownloadRetryCountThe number of times that Configuration Manager attempts to download content from a distribution point. By default, the client retries 2 times.
SMSTSDownloadRetryDelayThe number of seconds that Configuration Manager waits before it retries to download content from a distribution point. By default, the client waits 15 seconds before retrying.
SMSTSDriverReceiveTimeOutThe number of seconds before the connection to the server times out.
SMSTSErrorDialogTimeoutWhen an error occurs in a task sequence, it displays a dialog box with the error. The task sequence automatically dismisses it after the number of seconds specified by this variable. By default, this value is 900 seconds (15 minutes).
TSDisableProgressUI Beginning in Configuration Manager version 1706, use this variable to control when the task sequence displays progress to end users. To hide or display progress at different times, set this variable multiple times in a task sequence. To hide task sequence progress, set the value of this variable to True. To display task sequence progress, set the value of this variable to False.
SMSTSDisableStatusRetry In disconnected scenarios, the task sequence engine repeatedly tries to send status messages to the management point. This behavior in this scenario causes delays in task sequence processing. Beginning in Configuration Manager version 1802, set this variable to True and the task sequence engine doesn't attempt to send status messages after the first message fails to send. This first attempt includes multiple retries.

When the task sequence restarts, the value of this variable persists. However, the task sequence tries sending an initial status message. This first attempt includes multiple retries. If successful, the task sequence continues sending status regardless of the value of this variable. If status fails to send, the task sequence uses the value of this variable.

NOTE: task sequence status reporting relies upon these status messages to display the progress, history, and details of each step.
SMSTSLanguageFolderUse this variable to change the display language of a language neutral boot image.
SMSTSLocalDataDriveSpecifies where temporary files are stored on the destination computer while the task sequence is running.

This variable must be set before the task sequence starts, such as by setting a collection variable. Once the task sequence starts, Configuration Manager defines the _SMSTSMDataPath variable once the Task Sequence starts.
SMSTSMPUse this variable to specify the URL or IP address of the Configuration Manager management point.
SMSTSPeerDownloadUse this variable to enable the client to use Windows PE Peer Cache.

Example:

SMSTSPeerDownload = TRUE enables this functionality.
SMSTSPeerRequestPortA custom network port that Windows PE peer cache uses for the initial broadcast. The default port configured in client settings is 8004.
SMSTSPersistContentUse this variable to temporarily persist content in the task sequence cache.
SMSTSPostActionSpecifies a command that is run after the task sequence completes. For example, you can use this variable to specify a script that enables write filters on embedded devices after the task sequence deploys an operating system to the device.
SMSTSPreferredAdvertIDForces the task sequence to run a specific targeted deployment on the destination computer. Set this variable through a prestart command from media or PXE. If this variable is set, the task sequence overrides any required deployments.
SMSTSPreserveContentThis variable flags the content in the task sequence to be retained in the Configuration Manager client cache after the deployment. This variable is different from SMSTSPersistContent, which only preserves the content for the duration of the task sequence. SMSTSPersistContent uses the task sequence cache, SMSTSPreserveContent uses the Configuration Manager client cache.

Example:

SMSTSPreserveContent = TRUE enables this functionality.
SMSTSRebootDelaySpecifies how many seconds to wait before the computer restarts. If this variable is zero (0), the task sequence manager does not display a notification dialog before reboot.

Examples:

0: do not display a notification

60: display a notification for one minute
SMSTSRebootMessageSpecifies the message to display in the restart notification dialog. If this variable is not set, a default message appears.

Example:

The task sequence is restarting this computer.
SMSTSRebootRequestedIndicates that a restart is requested after the current task sequence step is completed. If a restart is required, just set this variable to true, and the task sequence manager will restart the computer after this task sequence step. If the task sequence step requires a restart to complete the action, set this variable. After the computer restarts, the task sequence continues to run from the next task sequence step.
SMSTSRetryRequestedRequests a retry after the current task sequence step is completed. If this task sequence variable is set, the SMSTSRebootRequested must also be set to true. After the computer is restarted, the task sequence manager will rerun the same task sequence step.
SMSTSUDAUsersSpecifies the primary users of the destination computer by using the following format:

Example:

domain\user1, domain\user2, domain\user3

Separate multiple users by using a comma (,). For more information, see Associate users with a destination computer.


Thanks to MS @ https://docs.microsoft.com/en-us/sccm/osd/understand/task-sequence-built-in-variables