13 Jan 2017

Hey folks. Just wanted to say a quick hello as I have been extremely quiet on here lately. This has been due to a combination of different things, which include lots of commuting, personal issues, family issues and of course the dreaded work time!! I am going to try and commit to at least 1 blog post a week, hopefully more.

I have spent the first 2 weeks of 2017 with the dreaded man flu so had lots of time at home to think about what the year entails. I have a few things which I am aiming for in 2017.  The current list is as follows:

  • Community – I am going to try and make it to more Citrix User Groups as I failed miserably last year due to work commitments.  I will also try to get to E2EVC in Prague. Hotel and tickets have been purchased! Again, missed the last one due to work!
  • Career – I have spent the past 5 years doing nothing but Citrix work, but over the past 6 months I have been doing a physical Windows 10 Design. Whilst I have enjoyed learning more about SCCM and Windows 10 I have really missed doing Citrix stuff, so hopefully I can get some Azure/AWS/Citrix work in 2017. Let’s see how it pans out :)
  • Certifications – In 2016 I managed to renew my VCP exam and also got my MCSE 2012 Cert. In 2017 I want to start looking into Cloud stuff more so looking to complete some AWS and Azure certifications. I am hoping to post some study tips on here.
  • Fitness – I am climbing Scafell Pike in May 2017 for a charity called LimbPower. I am an amputee and managed to climb Snowdon in 2016 so really looking forward to my 2nd Mountain. Hoping to get out at least once a week for training and gym a few times a week.

So that’s it. I hope I can report that on the 1st January 2018 I have smashed all those goals.

 

Laters!

Posted by neil, filed under Windows Server 2008. Date: January 13, 2017, 7:16 pm | No Comments »

 

Hey people :)

I came across an issue today which is one of those “Microsoft, WTF and why have you done this?”

On a current Windows 10 Deployment I am doing we are using the Unified Write Filter to ensure that the Operating System is as secure as possible. We had tested all the features and were nearly ready to hand over to the customer for testing, and they came back with some early testing in which they saw lots of interaction with some external hosts. Upon further investigation this is due to the wonderful Telemetry, where Microsoft tracks what you are doing and kindly uploads it for you without you asking them to.

Now for secure Enterprise environments this is not really ideal: they don’t really want their usage information tracked by Microsoft, and it also wastes bandwidth. We disable this using the following commands:

sc delete DiagTrack >NUL
sc delete dmwappushservice >NUL
echo "" > C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v AllowTelemetry /t REG_DWORD /d 0 /f

The problem was after doing this we found we were unable to use the Unified Write Filter. When we tried to enable it we got the following Error:

“Could not enable the Unified Write Filter (There are no more endpoints available from the endpoint mapper).”


After a bit of digging around, the Unified Write Filter functionality seems to be reliant upon the dmwappushservice. Why this is I am not sure yet, but I cannot see any logical reason as their functionality is completely separate. Anyway, after leaving this service enabled the Write Filter functionality was back again :)


Lesson learnt – do not disable this service if you require the unified write filter functionality :)
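
A safer form of the change above, as an added example that is not the script from the original post: it disables DiagTrack instead of deleting it, applies the same AllowTelemetry policy value, and refuses to run `uwfmgr filter enable` unless dmwappushservice is still present and not disabled. It assumes an elevated PowerShell session on an image that has the Unified Write Filter feature installed.

```powershell
# Added example, not the author's script. Run from an elevated prompt.
# Assumption: stopping and disabling DiagTrack is an acceptable substitute
# for the "sc delete DiagTrack" used in the post.
$ErrorActionPreference = 'Stop'

# Disable the telemetry service without removing it, so the change is reversible.
if (Get-Service -Name 'DiagTrack' -ErrorAction SilentlyContinue) {
    Stop-Service -Name 'DiagTrack' -Force
    Set-Service  -Name 'DiagTrack' -StartupType Disabled
}

# Same policy value as the "reg add" line in the post.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection'
if (-not (Test-Path -Path $key)) {
    New-Item -Path $key -Force | Out-Null
}
New-ItemProperty -Path $key -Name 'AllowTelemetry' -PropertyType DWord -Value 0 -Force | Out-Null

# dmwappushservice is deliberately left untouched: the post found that the
# Unified Write Filter could not be enabled once this service was gone.
$push = Get-Service -Name 'dmwappushservice' -ErrorAction SilentlyContinue
if (-not $push) {
    throw 'dmwappushservice is missing; enabling UWF is expected to fail with the endpoint mapper error.'
}
if ($push.StartType -eq 'Disabled') {
    throw 'dmwappushservice is disabled; re-enable it before enabling UWF.'
}

# Only now try to turn the write filter on, and surface a failure clearly.
& uwfmgr.exe filter enable
if ($LASTEXITCODE -ne 0) {
    throw "uwfmgr filter enable failed with exit code $LASTEXITCODE"
}
Write-Output 'UWF enable requested; telemetry disabled with dmwappushservice left in place.'
```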

Posted by neil, filed under Windows 10. Date: November 23, 2016, 3:08 pm | Comments Off on Could not enable the Unified Write Filter

 

Whilst testing some Fine Grained Password Policies in Windows 10 today I came across the following message which I had not seen before:

image

I did a bit of investigation and it turns out that there is a setting which will reboot the desktop and put it into BitLocker recovery mode if you enter your password wrong. This is set by the default SCM Templates to a threshold of 10. Whilst this setting is obviously for security reasons I would imagine it's one of these settings which is more trouble than it's worth in a large Enterprise Deployment. I can imagine a lot of calls to helpdesk being made!

You can disable the setting by setting the following GPO setting to 0:

GPO_name\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Machine account lockout threshold


So if you are setting Account Lockout settings at the Domain Level then make sure that you set this setting to higher than your User Account Lockout threshold, otherwise you may find your users' machines becoming unusable even though their User accounts are not locked out.

More information on this setting can be found here:

https://technet.microsoft.com/en-us/library/jj966264.aspx
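
A check for the ordering described above, as an added example that is not part of the original post. It assumes the GPO setting is stored in the `MaxDevicePasswordFailedAttempts` registry value, that a missing value means the setting is not configured, and that the ActiveDirectory PowerShell module (RSAT) is available; `Test-LockoutOrdering` is a hypothetical helper name.

```powershell
# Added example, not from the original post.
Import-Module ActiveDirectory

function Test-LockoutOrdering {
    param([int]$MachineThreshold, [int]$UserThreshold)
    # 0 disables the machine lockout, which is the post's "set it to 0" option.
    if ($MachineThreshold -eq 0) {
        return 'OK: machine account lockout is disabled'
    }
    # A user threshold of 0 means accounts never lock, so the machine limit is hit first.
    if ($UserThreshold -eq 0) {
        return "WARN: no user lockout; machine locks after $MachineThreshold attempts"
    }
    if ($MachineThreshold -gt $UserThreshold) {
        return "OK: user account locks ($UserThreshold) before the machine ($MachineThreshold)"
    }
    return "WARN: machine threshold ($MachineThreshold) is not higher than user threshold ($UserThreshold)"
}

# Machine side: value assumed to back "Interactive logon: Machine account lockout threshold".
$sys  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$prop = Get-ItemProperty -Path $sys -Name 'MaxDevicePasswordFailedAttempts' -ErrorAction SilentlyContinue
$machine = if ($prop) { [int]$prop.MaxDevicePasswordFailedAttempts } else { 0 }

# User side: a fine-grained password policy takes precedence when one applies
# to the user; otherwise fall back to the default domain policy.
$pso  = Get-ADUserResultantPasswordPolicy -Identity $env:USERNAME
$user = if ($pso) { $pso.LockoutThreshold } else { (Get-ADDefaultDomainPasswordPolicy).LockoutThreshold }

Test-LockoutOrdering -MachineThreshold $machine -UserThreshold $user
```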

Posted by neil, filed under Windows 10. Date: November 2, 2016, 1:03 pm | 1 Comment »
